Open ghost opened 5 years ago
Got a clear picture now. As a group we need to decide where we get our cert from. After some research it seems there is no reason to pay, though if we are in a certain tier of Azure we will not be able to use a third-party key. Currently my plan is to generate a key from here:
Then run Azure CLI commands just to verify there are no issues with binding via these instructions:
After that I will work on automation via the same instructions.
8 hours
Having issues. Looks like we may not be able to bind a non-certified SSL, at least via PowerShell or Azure CLI. Trying to figure out a workaround.
Useful link for me:
https://docs.microsoft.com/en-us/azure/app-service/scripts/powershell-configure-ssl-certificate
Turns out we are tier one pricing, so binding an SSL is included, but if we (you) want to use our own, see this:
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth
Due to the similarities of the two assigned tasks, this comment has been copied from issue #13 on builds > Security Investigation: SSL on Azure Function #13
18 hours:
After much research we have found that the SSL is globally bound to a unique URL that is tied to a function that has permission to access data from the application. There are many configurations required to make this work: a DNS, a custom domain, and generating a valid certificate. Currently we are getting an error when trying to add the key to the function. We are in the process of determining why. See this wiki article for a more detailed description:
https://github.com/MerryFairyTalesAD440/Builds/wiki/Binding-SSL-certificates-with-Azure
All done! It took about 30 hours, not including the time Devon took. This was a joint effort, and this wiki
https://github.com/MerryFairyTalesAD440/Builds/wiki/Binding-SSL-certificates-with-Azure
explains the whole process.
I'm not sure where to begin with this. The storage website will be an Azure RG, I assume. So my initial thought is that you would simply route your data requests to a database, similar to a MAMP or LAMP stack, except you would add some kind of call that would encrypt the data on its way to the DB automatically. I'll go over and guess this will take 21 hours, as I will surely encounter numerous unknowns.