Using intermediate certificates in Windows Azure Web site
Editorial Staff Note: This article is written by Benari, the project manager of the Windows Azure Web site team.
Using SSL on Windows Azure Web sites is commonplace. Although uploading and assigning certificates to a Web site is usually straightforward (as described in our recent blog articles 1 and 2), some customers are experiencing difficulties because their certificate providers use intermediate certificates.
Intermediate certificates, also known as chain certificates, are used by some certificate resellers, and their use is becoming more common because certificate providers believe this can enhance security. For example, VeriSign and GoDaddy have stopped issuing unchained certificates over the past few years, which affects the providers that depend on them, including Thawte and, of course, GeoTrust.
Of course, Windows Azure Web site fully supports this scenario, and you only need to be aware of the steps that are required to install the intermediate certificate to keep it running smoothly. The most common cause of problems in this scenario is that the customer tried to upload the intermediate certificate itself to our server. Another common problem is that the customer uploads a certificate file that does not contain the intermediate certificates. Both of these situations can cause some browsers to alert visitors that the Web site is not trusted. In most cases the user can still continue, but this error will undoubtedly worry many users and should be avoided.
Specifically: when a certificate provider uses chained certificates, you need to upload the intermediate certificate, but the correct way to do that is to upload both certificates together. As you may recall from our previous article on this topic, you should export the certificate to a PFX file for upload (this is required so that the certificate contains its private key). If the certificate is issued by an intermediate CA, you only need to make sure that the export contains the intermediate certificate. To do this, make sure that the "Include all certificates in the certification path if possible" option is selected.
This export produces a large PFX file that contains all the information our server needs to process the certificate. Specifically, you should not export the intermediate certificate itself, but rather export your own server certificate. When you do this and select the correct option, the export will include two certificates in the PFX file, so our server will be able to handle the file correctly.
Important: the computer that performs the export must have the intermediate certificate installed in order for the export to complete successfully. When a certificate provider issues a certificate, it usually provides you with the information and/or links required to install the intermediate certificate. If you lack that information or have questions, we recommend that you review the provider's message and follow its instructions. You can also search the provider's Web site for information (for example, GoDaddy's and VeriSign's Web pages).
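A pre-upload check for the exported PFX, added here as an example and not part of the original article: it confirms that the file holds your own server certificate with its private key, that this certificate is not itself a CA certificate, and that the issuing (intermediate) certificate is in the same file. `Test-PfxChain` and the output property names are hypothetical; the .NET certificate classes it calls are standard.

```powershell
# Added example, not the article's own code. Test-PfxChain is a hypothetical helper name.
function Test-PfxChain {
    param(
        [Parameter(Mandatory)] [string]       $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $ns    = 'System.Security.Cryptography.X509Certificates'
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $certs = New-Object "$ns.X509Certificate2Collection"
    # Import reads every certificate stored in the PFX, not only the one with the key.
    $certs.Import((Resolve-Path -LiteralPath $Path).ProviderPath, $plain, 'DefaultKeySet')

    # The server certificate is the single entry that carries the private key.
    $withKey = @($certs | Where-Object HasPrivateKey)
    if ($withKey.Count -ne 1) {
        throw "Expected exactly one certificate with a private key, found $($withKey.Count)."
    }
    $leaf = $withKey[0]

    # Mistake 1 from the article: the uploaded certificate is a CA certificate,
    # not the site's own. Basic Constraints CA=true identifies a CA certificate.
    $bc   = $leaf.Extensions | Where-Object { $_ -is "$ns.X509BasicConstraintsExtension" }
    $isCa = [bool]($bc -and $bc.CertificateAuthority)

    # Mistake 2: the export left out the chain. The issuer named on the server
    # certificate must appear as the subject of a certificate in the same file.
    # (A self-signed certificate matches itself here.)
    $issuerIncluded = @($certs | Where-Object { $_.Subject -eq $leaf.Issuer }).Count -gt 0

    [pscustomobject]@{
        Subject          = $leaf.Subject
        Issuer           = $leaf.Issuer
        CertificateCount = $certs.Count
        KeyCertIsCA      = $isCa
        IssuerIncluded   = $issuerIncluded
        LooksComplete    = (-not $isCa) -and $issuerIncluded
    }
}

# Usage (the path is a placeholder for your own export):
#   Test-PfxChain -Path .\site.pfx -Password (Read-Host 'PFX password' -AsSecureString)
```

A result with `CertificateCount` of 1 and `IssuerIncluded` false for a certificate issued by an intermediate CA means the "Include all certificates in the certification path if possible" option was not applied during export.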