Azure Traffic Manager and SSL Certificates
up vote
0
down vote
favorite
I have 6 different micro services with an Azure Traffic Manager setup for each of them. The services are running in 3 different regions to improve their performance but I need to come up with the certificates for the Azure Traffic Manager.
I have seen that there are two options available in the Azure Portal: The Standard and the Wild Card. While the latter is much more expensive, I was wondering if the same SSL Certificate can be used in all my 6 services so in the end, I will save money.
All my sites are like this:
- http://foo1.trafficmanager.net
- http://foo2.trafficmanager.net
- http://foo3.trafficmanager.net
- http://foo4.trafficmanager.net
- http://foo5.trafficmanager.net
- http://foo6.trafficmanager.net
As you can see the, the domain is the same (I do not have any custom domain, just the by default trafficmanager.net), so I am wondering whether one certificate will be enough. I have not seen any information about the wildcard certificate and it is pretty expensive to just give it a try...
Also, is there any security concern if I use the same certificate for all the sites? Is there a best practice recommendation? 1 certificate per site vs. 1 certificate for multiple sites.
Lastly, if I decide to use Custom Domains in the future, will I be able to reuse the issued certificate? (the domain will not be trafficmanager.net anymore)
azure ssl ssl-certificate azure-web-sites azure-traffic-manager asked Nov 10 at 3:08
user3587624
3111424
add a comment |
up vote
0
down vote
favorite
I have 6 different micro services with an Azure Traffic Manager setup for each of them. The services are running in 3 different regions to improve their performance but I need to come up with the certificates for the Azure Traffic Manager.
I have seen that there are two options available in the Azure Portal: The Standard and the Wild Card. While the latter is much more expensive, I was wondering if the same SSL Certificate can be used in all my 6 services so in the end, I will save money.
All my sites are like this:
- http://foo1.trafficmanager.net
- http://foo2.trafficmanager.net
- http://foo3.trafficmanager.net
- http://foo4.trafficmanager.net
- http://foo5.trafficmanager.net
- http://foo6.trafficmanager.net
As you can see the, the domain is the same (I do not have any custom domain, just the by default trafficmanager.net), so I am wondering whether one certificate will be enough. I have not seen any information about the wildcard certificate and it is pretty expensive to just give it a try...
Also, is there any security concern if I use the same certificate for all the sites? Is there a best practice recommendation? 1 certificate per site vs. 1 certificate for multiple sites.
Lastly, if I decide to use Custom Domains in the future, will I be able to reuse the issued certificate? (the domain will not be trafficmanager.net anymore)
azure ssl ssl-certificate azure-web-sites azure-traffic-manager asked Nov 10 at 3:08
user3587624
3111424
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have 6 different micro services with an Azure Traffic Manager setup for each of them. The services are running in 3 different regions to improve their performance but I need to come up with the certificates for the Azure Traffic Manager.
I have seen that there are two options available in the Azure Portal: The Standard and the Wild Card. While the latter is much more expensive, I was wondering if the same SSL Certificate can be used in all my 6 services so in the end, I will save money.
All my sites are like this:
- http://foo1.trafficmanager.net
- http://foo2.trafficmanager.net
- http://foo3.trafficmanager.net
- http://foo4.trafficmanager.net
- http://foo5.trafficmanager.net
- http://foo6.trafficmanager.net
As you can see the, the domain is the same (I do not have any custom domain, just the by default trafficmanager.net), so I am wondering whether one certificate will be enough. I have not seen any information about the wildcard certificate and it is pretty expensive to just give it a try...
Also, is there any security concern if I use the same certificate for all the sites? Is there a best practice recommendation? 1 certificate per site vs. 1 certificate for multiple sites.
Lastly, if I decide to use Custom Domains in the future, will I be able to reuse the issued certificate? (the domain will not be trafficmanager.net anymore)
azure ssl ssl-certificate azure-web-sites azure-traffic-manager asked Nov 10 at 3:08
user3587624
3111424
I have 6 different micro services with an Azure Traffic Manager setup for each of them. The services are running in 3 different regions to improve their performance but I need to come up with the certificates for the Azure Traffic Manager.
I have seen that there are two options available in the Azure Portal: The Standard and the Wild Card. While the latter is much more expensive, I was wondering if the same SSL Certificate can be used in all my 6 services so in the end, I will save money.
All my sites are like this:
- http://foo1.trafficmanager.net
- http://foo2.trafficmanager.net
- http://foo3.trafficmanager.net
- http://foo4.trafficmanager.net
- http://foo5.trafficmanager.net
- http://foo6.trafficmanager.net
As you can see the, the domain is the same (I do not have any custom domain, just the by default trafficmanager.net), so I am wondering whether one certificate will be enough. I have not seen any information about the wildcard certificate and it is pretty expensive to just give it a try...
Also, is there any security concern if I use the same certificate for all the sites? Is there a best practice recommendation? 1 certificate per site vs. 1 certificate for multiple sites.
Lastly, if I decide to use Custom Domains in the future, will I be able to reuse the issued certificate? (the domain will not be trafficmanager.net anymore)
azure ssl ssl-certificate azure-web-sites azure-traffic-manager azure ssl ssl-certificate azure-web-sites azure-traffic-manager asked Nov 10 at 3:08
user3587624
3111424
asked Nov 10 at 3:08
user3587624
3111424
asked Nov 10 at 3:08
user3587624
3111424
asked Nov 10 at 3:08
user3587624
3111424
asked Nov 10 at 3:08
user3587624
3111424
3111424
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.
If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.
You can get more details about SSL Certificate Names
answered Nov 11 at 8:40
Nancy Xiong
2,100116
Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all...
– user3587624
Nov 11 at 22:11
You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand.
– Nancy Xiong
Nov 12 at 1:53
It was! Marked as accepted. Apologies for the delay
– user3587624
Nov 12 at 17:34
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.
If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.
You can get more details about SSL Certificate Names
answered Nov 11 at 8:40
Nancy Xiong
2,100116
Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all...
– user3587624
Nov 11 at 22:11
You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand.
– Nancy Xiong
Nov 12 at 1:53
It was! Marked as accepted. Apologies for the delay
– user3587624
Nov 12 at 17:34
add a comment |
up vote
2
down vote
accepted
Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.
If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.
You can get more details about SSL Certificate Names
answered Nov 11 at 8:40
Nancy Xiong
2,100116
Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all...
– user3587624
Nov 11 at 22:11
You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand.
– Nancy Xiong
Nov 12 at 1:53
It was! Marked as accepted. Apologies for the delay
– user3587624
Nov 12 at 17:34
add a comment |
up vote
2
down vote
accepted
up vote
2
down vote
accepted
Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.
If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.
You can get more details about SSL Certificate Names
answered Nov 11 at 8:40
Nancy Xiong
2,100116
Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.
If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.
You can get more details about SSL Certificate Names
answered Nov 11 at 8:40
Nancy Xiong
2,100116
edited Nov 11 at 9:43
answered Nov 11 at 8:40
Nancy Xiong
2,100116
answered Nov 11 at 8:40
Nancy Xiong
2,100116
answered Nov 11 at 8:40
Nancy Xiong
2,100116
2,100116
Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all...
– user3587624
Nov 11 at 22:11
You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand.
– Nancy Xiong
Nov 12 at 1:53
It was! Marked as accepted. Apologies for the delay
– user3587624
Nov 12 at 17:34
add a comment |
Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all...
– user3587624
Nov 11 at 22:11
You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand.
– Nancy Xiong
Nov 12 at 1:53
It was! Marked as accepted. Apologies for the delay
– user3587624
Nov 12 at 17:34
Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all...
– user3587624
Nov 11 at 22:11
Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all...
– user3587624
Nov 11 at 22:11
You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand.
– Nancy Xiong
Nov 12 at 1:53
You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand.
– Nancy Xiong
Nov 12 at 1:53
It was! Marked as accepted. Apologies for the delay
– user3587624
Nov 12 at 17:34
It was! Marked as accepted. Apologies for the delay
– user3587624
Nov 12 at 17:34
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53235691%2fazure-traffic-manager-and-ssl-certificates%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
