Microsoft Datacenter Virtual Tour

Ever wanted to tour one of Microsoft's datacenters?  Good luck!  For obvious security reasons, it's almost impossible.  But how about a virtual tour?

How to get free SSL for Azure Web Apps using StartSSL

In my previous post, I wrote about using Cloudflare to encrypt the traffic of an Azure Web App for free without installing any SSL certificate in Azure.  In this post, I'll explain how to use StartSSL from StartCom to get a free certificate that you can install in the Azure portal.  Please note that this free certificate use is limited to personal and non-commercial use.

In the StartSSL main page, select "StartSSL Free":

First, you now need to create an account by entering your country and email address so they can send you a validation code:

Once accepted, they install a client certificate on your machine.  This is their way to authenticate you so make sure to create your account on a PC you own:

That's it so let's now create a free certificate.  Locate the free certificate section and click on the "here" link:

Select the "Web Server SSL" option:

Click on the "Domain Validation" link:

Enter your domain name:

StartSSL will retrieve the domain administrator email from your registrar so they can send you a verification code:

Get the code, paste it in the "Verification code" field and click on the "Validation" button.

Next, click on "Order SSL Certificate":

You can enter the full hostname. Typically it's "www." + the domain name:

You need to submit the CRS.  Click the link to download the StartCom.exe tool:

Select SSL Certificate, enter the domain name and your country then click on the "Generate CSR" button.  Click on the "Copy" button to copy the CSR.


Back on the Website, paste the CSR and MAKE SURE that you select  "Generated by PKI system".  This will allow you to download your private key and it's the only way I found to do this.

Click on the "Download Private Key" button to download the ssl.key file.  Store this file securely.


Next, you need to wait a while for StartSSL to process the order:

Once processed, locate you certificate in the "Certificate List" section and click on the "Retrieve" button.

The Zip file will contain cert files for IIS.  Locate them so we can generate the pfx file by using the "startcomtool.exe" that we used earlier.

Click on the "Certificate" tab and click on "Generate PFX".  Next, select your certificate (the .crt file) and the private key (the ssl.key file) and enter the password you entered earlier.  Click on "Submit" and save the .pfx file.

Let's now switch to the Azure portal.  Located your App Service, click on "Settings" and click on the "Custom domains and SSL" link.

Click on the "Upload Certificate" button.

Select the .pfx file you created earlier and enter its password.  Click on "Save".

You now see the certificate in the "Certificates".  Add the binding for the naked domain and www and click "Save".


That's it!  We can now browse the site using HTTPS.  If you click on the green lock, you will see that the certificate was issued by StartCom.

Again, this free StartSSL certificate is for personal and non-commercial use.

How to get free SSL for Azure Web Apps using Cloudflare

If you're looking to add SSL to your Azure Web app using a custom domain name but don't want to spend a dime, you can get a free certificate from StartSSL and configure it in the Azure portal or use Cloudflare free plan that include SSL at no cost.  In this blog post, I'll explain how to configure GoDaddy and Cloudflare.

First thing first, doesn't Azure encrypts Web Apps using SSL?  Yes but only is you're using the default domain like this:

If you set a custom domain name and try to access it using HTTPS, you get this:

So you absolutely need a certificate if you want to secure traffic to your Azure Web App with HTTPS. 

OK, so what is Cloudflare? According to Wikipedia:

CloudFlare is a U.S. company that provides a content delivery network and distributed domain name server services, sitting between the visitor and the CloudFlare user's hosting provider, acting as a reverse proxy for websites. Its network protects, speeds up, and improves availability for a website or mobile application with a change in DNS.

Here are Cloudflare's building blocks:  

What we're interested in is getting SSL for free and Cloudflare has a free service tier that includes SSL: 

Great but how does it works?  Do I need to install something on Azure?  Cloudflare offers three ways to set SSL: Flexible, Full and Full (strict).  The default one is Flexible and it encrypts data between the visitors and Cloudflare but not the traffic between them (Cloudflare) and Azure.  Note that by using Cloudflare, the visitors never reach your Web App directly on Azure.  

Great!  That seems perfect: a free service that includes SSL without dealing with certificate installation.  Too good to be true?  Let's try it out.

The first step is to provide Cloudflare with the domain name (this assume that you already configured your custom domain name in the Azure portal):

Cloudflare scans your DNS and show you a quick video explaining the process:

This is what Cloudflare found:

And this is what is set in GoDaddy:

We need the A record to point to Azure and the CName record "www" so visitors can type either or in their browser to reach the site.  The "awverify" is only needed when setting the domain name in the Azure portal.  It should not be needed anymore.

Let's now select the "Free Website" plan:

Cloudflare wasn't able to change the GoDaddy's nameservers so I'll need to change this directly in GoDaddy's console.

In GoDaddy's console, you'll need to locate the nameservers section for your domain and click on the "Manage" link:

You then need to select "Custom" and click on the "Add Nameserver" button:

Enter the namesersers provided earlier by Cloudflare.  Click "OK" and "Save" on the next step:

That's it for GoDaddy!  Now back to Cloudflare.  Let's hit the "Continue" button.  Cloudflare informs us that the status is pending. 

You now need to wait, this step could take up to 24 hours when using Cloudflare's Free tier.  In my case, it took about 2 minutes and I received a confirmation email:

And the status changed to Active in the Cloudflare console:

We now have to wait for the certificate to be issued and configured.  Click on the "Crypto" tab to see the status.  Note that this step can take up to 24 hours to complete.  In my case, it took just a few minutes.

You can now access your Website using SSL:

Voilà!  Free SSL for your Azure Web Apps!  Note that Cloudflare offers way more then SSL and you should take some time exploring what's included in the Free plan.

RasPiO Pro Hat on Kickstarter

Alex Eames of has started a new project on Kickstater.  It's a HAT for the Raspberry Pi that arrange the GPIO ports in perfect order and protects the circuitry against wiring errors.  It's £12 + £2 for shipping to Canada which equals to $29 loonies.  Project backed! 

Microsoft Envision, a conference for business leaders or decision makers

Funny, since Microsoft combined a bunch of it's tech conferences into Ignite, it created a bunch of new ones.  The latest one is called Microsoft Envision and is targeted at business leaders or decision makers.  It will take place on April 4-6, 2016 in New Orleans.

The Sad State of Web Development

Interesting read on the current state of Web development.

Erik and Guy's most excellent Xamarin open source projects

While in Redmond for the MVP Summit 2015, Erik Renaud and I recorded this Channel9 video about cool open source projects that you can use to kickstart your Xamarin projects.

Raspberry Pi 2 available on the Canadian Microsoft Store

Is you're looking to get your hand on a Raspberry Pi, the Canadian Microsoft store is now selling them along with the official case and power adapter.  $47 for a Pi 2, shipping that's a deal!

Speaking about IoT and Azure

I'll be speaking about IoT and Azure at the "Internet des objets, Objets connectés Montréal" user group on Wednesday, Feb 3 2016.  The meeting will be in French with English slides.  Here's the description:

Une fois la conception de vos objets connectés complétée, vous devrez penser à récolter et analyser la télémétrie afin de la transformer en données pouvant être facilement analysée. Je vous propose un survol de Microsoft Azure qui vous permet de combiner plusieurs services comme Events Hub et Stream Analytics ou d’utiliser Azure IoT Suite offrant des solutions IoT préconfigurées.  Ces services permettront de recueillir la télémétrie, de la stocker, de l’analyser en temps réel, de prendre action sur des alertes ou d’afficher des graphiques dans Power BI.

L’offre Azure est fort intéressante car Microsoft a annoncé l’ouverture de deux centres de données canadiens qui ouvriront en 2016.  De plus, il n'est pas nécessaire d'être sur le "Microsoft Stack" pour utiliser les services Azure.   Vous verrez aussi comment les startups peuvent bénéficier de crédits Azure pendant 3 ans.

Chakra JavaScript engine is now open source

Microsoft has announced that ChakraCore, the open source version of their JavaScript engine, is now available on GitHub.

Page List

Month List