Today I had to work on enabling HTTPS for a website hosted on an Apache web server running on an Azure Ubuntu virtual machine.
The website was already running with HTTP:80 enabled, i.e. the site was accessible via a URL like 'http://analyticsapp.cloudapp.net'.
Here are the steps I followed to enable HTTPS:443
Create CNAME and obtain cert for HTTPS
1. Create a CNAME record to map the specific domain for example 'analyticsapp.contoso.com' to canonical domain name e.g. 'analyticsapp.cloudapp.net'. See this for more details.
2. Obtain the PFX file (and its password) for the domain, i.e. 'contoso.com'. Let's call it 'all.contoso.com.pfx'.
Configuration in Azure Portal
3. Go to Microsoft Azure portal, find the above virtual machine and open port 443 [Public Port: 443, Private Port: 443, Protocol: HTTPS]. No need to set any specific ACL rule for this endpoint. See this for more details.
4. While you are in the Microsoft Azure portal, find the cloud service in which this virtual machine is hosted (in our example the cloud service is named 'analyticsapp') and upload the PFX certificate from step 2 [Certificates => Upload; you will be asked to provide the password to import the PFX].
Configuration in Virtual Machine
5. Connect to your virtual machine via SSH.
6. Create a temporary directory, say 'workspace', copy the PFX from step 2 (all.contoso.com.pfx) into it, and generate the cert and key from it:
azureuser@analyticsapp: //home/azureuser$ cd workspace
azureuser@analyticsapp: //home/azureuser/workspace$ openssl pkcs12 -in all.contoso.com.pfx -clcerts -nokeys -out all.contoso.com.pfx.cer
azureuser@analyticsapp: //home/azureuser/workspace$ openssl pkcs12 -in all.contoso.com.pfx -nocerts -nodes -out all.contoso.com.pfx.key
7. Copy the generated cert and key to the /etc/ssl directories
azureuser@analyticsapp: //home/azureuser/workspace$ sudo cp all.contoso.com.pfx.cer /etc/ssl/certs/
azureuser@analyticsapp: //home/azureuser/workspace$ sudo cp all.contoso.com.pfx.key /etc/ssl/private/
8. Enable SSL module in apache
azureuser@analyticsapp: //home/azureuser$ sudo a2enmod ssl
9. Enable SSL site
azureuser@analyticsapp: //home/azureuser$ sudo a2ensite default-ssl
10. Restart Apache service and reload the configs
azureuser@analyticsapp: //home/azureuser$ sudo service apache2 restart
azureuser@analyticsapp: //home/azureuser$ sudo service apache2 reload
11. Configure site to use the new SSL certs and keys
azureuser@analyticsapp: //home/azureuser$ cd /etc/apache2/sites-available
azureuser@analyticsapp: //etc/apache2/sites-available$ sudo vi default-ssl
Look for 'SSLCertificateFile' and update the settings:
SSLCertificateFile /etc/ssl/certs/all.contoso.com.pfx.cer
SSLCertificateKeyFile /etc/ssl/private/all.contoso.com.pfx.key
12. Restart Apache service and reload the configs
azureuser@analyticsapp: //home/azureuser$ sudo service apache2 restart
azureuser@analyticsapp: //home/azureuser$ sudo service apache2 reload
Now your site will be accessible using HTTPS e.g. https://analyticsapp.contoso.com
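The script below is an added example, not part of the original procedure: it checks that the certificate and key extracted in step 6 belong together and that the key file, which the -nodes option leaves unencrypted on disk, grants nothing to group or others. The function names are hypothetical, and the permission check assumes GNU stat as shipped with Ubuntu.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# SHA-256 of the public key embedded in a PEM certificate.
cert_pubkey_hash() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a PEM private key.
key_pubkey_hash() {
    local pub
    pub=$(openssl pkey -in "$1" -pubout) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the certificate and the private key form a pair.
cert_matches_key() {
    local c k
    c=$(cert_pubkey_hash "$1") || return 1
    k=$(key_pubkey_hash "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the key file grants nothing to group or others.
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1   # assumes GNU stat (Ubuntu)
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# check_tls_files CERT KEY: returns 0 if both checks pass, 1 on a
# cert/key mismatch, 2 on loose key permissions.
check_tls_files() {
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 and $2 do not match" >&2; return 1; }
    key_is_private "$2" || { echo "FAIL: $2 grants access to group or others" >&2; return 2; }
    echo "OK: certificate and key match, key permissions are restrictive"
}
```

To use it, source the script in a root shell and run check_tls_files /etc/ssl/certs/all.contoso.com.pfx.cer /etc/ssl/private/all.contoso.com.pfx.key before the restart in step 12. If the permission check fails, chmod 600 on the key file corrects it.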
Any application specific configuration
For HTTPS to work completely for this application, I had to follow the application-specific configuration steps below.
[ Check documentation of your application to see the application configuration changes required to make the app work with HTTPS. ]
13. Open the file /var/www/owa/owa-config.php
azureuser@analyticsapp: //home/azureuser$ sudo vi /var/www/owa/owa-config.php
14. Search for OWA_PUBLIC_URL and set its value to the HTTPS URL
In my case it was:
define('OWA_PUBLIC_URL', 'http://analyticsapp.cloudapp.net/owa/');
I had to change it to:
define('OWA_PUBLIC_URL', 'https://analyticsapp.contoso.com/owa/');
15. Restart Apache service and reload the configs
azureuser@analyticsapp: //home/azureuser$ sudo service apache2 restart
azureuser@analyticsapp: //home/azureuser$ sudo service apache2 reload