RSS

Azure CDN Limitations for using SSL with custom domains

21 Jul

Content delivery networks or content distribution networks (CDN) are great systems to have if you need to add extra bit of fuel towards application’s high performance and towards having high availability. In essence there are number of benefits to have a CDN, they have been discussed elsewhere a lot in the internet. What I am going to talk about is one serious limitation you must be aware of about Windows Azure CDN. There are number of other cloud CDN providers available which overcome this but here focus is on Windows Azure.

However if you already have your web applications deployed in windows azure your preferred choice is windows azure itself. At the time of writing new portal(https://portal.azure.com/) does not have azure CDN functionality added you need to use regular management console (https://manage.windowsazure.com/) for this.. If you go to CDN nodes on left in Azure management console you would find existing CDNs you have created or allows you to create new. Creating and configuring CDN has been relatively so easy with Azure portal.

azure-cdn

You can map new CDNs you create with your storage accounts or cloud services or with custom origins (this is also another serious limitation azure has cut off recently as of writing this described here). Finally you will get CDN URls with something like this where hashes replaced with numbers…, “http://az#####.vo.msecnd.net/images/product-11189.jpg” If you don’t like to use these ugly Urls You could easily map this with your custom domain/subdomain easily. No issue so far.

What is the Limitation then?

SSL support for CDN is mostly a must for many public websites these days mainly to prevent private data sniffing and to prevent man in the middle attacks.

So for these SSL enabled public web pages you need to have your CDN with https support. Having regular http CDN URLs in SSL enabled web pages would give browser warnings varyingly by different browser vendors. Using protocol relative urls (http://www.paulirish.com/2010/the-protocol-relative-url/) will not help for Azure CDN in this case.

At the time of writing Azure CDN does support https as shown below but the issue is it not usable with your custom domains!. azure https Instead you must use Microsoft provided CDN urls which are starting like this “https://az#####.vo.msecnd.net/”…. This might be ok or not depending your business requirements but we should keep this in mind in advance.

This will hopefully be fixed by Microsoft in near future. Please do vote at here if you find this feature is useful like I did. http://feedback.azure.com/forums/169397-cdn/suggestions/1332683-allow-https-for-custom-cdn-domain-names.

You must use https://az#####.vo.msecnd.net/images/product-11189.jpg like Urls these subdomains are automatically get signed with Microsoft provided certificates. You don’t need to sign certificates additionally.

Issue is this prevents using Azure CDN with https support for your custom domain.

Advertisements
 
Leave a comment

Posted by on July 21, 2015 in Azure

 

Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: