我有一个托管在 Azure 网站 ( appnameapi.azurewebsites.net) 中的 WebAPI 解决方案,其中一些端点现在暴露给常规 http。
我还有一个客户端应用程序托管在appname.azurewebsites.net.
我appname.com是从悬停购买的,并正在appname.com使用appname.azurewebsites.net遮罩转发。客户端应用程序立即发出请求appnameapi.azurewebsites.net,但未加密。
我的目标是让 SSL 在 Web 客户端上运行,以便用户在浏览器栏中看到 SSL,并且从客户端到 api 端点的任何内容都被加密。
我去了 rapidSSL 并购买了appname.com. 现在我不确定是否需要将它放在我的 WebAPI 网站或我的客户端网站中。我找到了一些关于在 Azure 中设置 SSL 的文档,但没有什么能让我很好地掌握在这种情况下需要做什么。
下一步是什么?每个站点是否需要一个证书,如果不需要,单个证书在哪里?
You client web site is appname.azurewebsites.net. You have appname.com mapped to this. Your SSL certificate is for this domain. So, you will need to put the certificate with the client app. As an end user, if I go to appname.com, the certificate your application will present to my browser will be the one you purchased for appname.com. This is for the pages rendered by the client web application.
Now, as the browser renders the page from the client web application, say it needs to make jQuery AJAX calls to your web API site appnameapi.azurewebsites.net. You can use a domain name for this one as well, some thing like api.appname.com but regardless, this will be a cross-origin call, BTW. If this call is also through HTTPS, then for this case also, a valid cert must be presented to the browser. Assuming you have api.appname.com which is a sub-domain of appname.com, you can use the same certificate you bought from rapidSSL with web API site as well provided it is a wild-card cert, which is obviously more expensive. Otherwise, you will need one more certificate for the web api site (or the domain name if you plan to use one for API) and install that new cert in the api app.