4

I'm using Microsoft.WindowsAzure.Management.WebSites 4.4.2-prerelease library to create/modify Azure WebApps. I can create the app, can change settings, can add a custom domain. Next step is to add SSL certificate. Here is how I do it:

public async Task<WebSiteUpdateResponse> UpdateSslCertificate(String sitename)
{
    var updateParameters = new WebSiteUpdateParameters()
    {
        HostNameSslStates = new List<WebSiteUpdateParameters.WebSiteHostNameSslState>()
        {
            new WebSiteUpdateParameters.WebSiteHostNameSslState()
            {
                ToUpdate = true,
                Name = "mysubdomain.mydomain.com",
                SslState = WebSiteSslState.SniEnabled,
                Thumbprint = "blbhbblblblblblblbMyCertTHUMBPRINT",
            },
        },
    };
    var updateResult = await client.WebSites.UpdateAsync("Default-NorthEuropewebspace", sitename, updateParameters);
    return updateResult;
}

But after adding the cert I can't see the cert added to the site in the portal: No SSL Cert added to the site

Cert is wildcard cert and is already uploaded. If I use the new portal to add SSL cert to the site - I can do it with no problem, so that is not a pricing issue.

Also if I go to Azure Resource Manager and navigate to that site and look for SslStates, I get this: 

"hostNameSslStates": [
  {
    "name": "mysubdomain.mydomain.com",
    "sslState": 0,
    "ipBasedSslResult": null,
    "virtualIP": null,
    "thumbprint": null,
    "toUpdate": null,
    "toUpdateIpBasedSsl": null,
    "ipBasedSslState": 0,
    "hostType": 0
  },
  {
    "name": "testingcreation.azurewebsites.net",
    "sslState": 0,
    "ipBasedSslResult": null,
    "virtualIP": null,
    "thumbprint": null,
    "toUpdate": null,
    "toUpdateIpBasedSsl": null,
    "ipBasedSslState": 0,
    "hostType": 0
  },
  {
    "name": "testingcreation.scm.azurewebsites.net",
    "sslState": 0,
    "ipBasedSslResult": null,
    "virtualIP": null,
    "thumbprint": null,
    "toUpdate": null,
    "toUpdateIpBasedSsl": null,
    "ipBasedSslState": 0,
    "hostType": 1
  }
],

So the new cert is added, only state is 0 (WebSiteSslState.Disabled) and no thumbprint stored.

Am I doing something wrong? How can I assign SSL cert to a site?

trailmax
  • 31,605
  • 20
  • 126
  • 225

1 Answers1

1

From https://github.com/davidebbo/AzureWebsitesSamples/issues/2 I quote the answer to that question from @trailmax and for future references.

I have managed to get it working. Host names are to be added by CreateOrUpdateSiteHostNameBindingAsync() rather than site.HostNames:

       var binding = new HostNameBinding()
         {
             Location = "North Europe",
             Name = hostName,
             CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
             HostNameType = HostNameType.Verified,
             SiteName = siteName,
             Type = "Microsoft.Web/sites/hostNameBindings",
         };
         var result = await websiteClient.Sites.CreateOrUpdateSiteHostNameBindingAsync(resourceGroupName,
 siteName, hostName, binding);
         site = websiteClient.Sites.GetSite(resourceGroupName, siteName);

         site.HostNameSslStates.Add(new HostNameSslState
         {
             Name = hostName,
             Thumbprint = certificate.Thumbprint,
             SslState = SslState.SniEnabled,
             ToUpdate = true,
         });

         site = await websiteClient.Sites.CreateOrUpdateSiteAsync(resourceGroupName,
 siteName, site);

Though I'm not sure about all the parameters in HostNameBinding object are required. Can you please verify what properties are required there? (I took the values from Resource Explorer)

Nordes
  • 2,396
  • 2
  • 18
  • 30