Ssl – Intermediate SSL Certificates on Azure Websites

azure openssl ssl

I have successfully configured an Extended-Validation Certificate on an Azure Website following this article:

http://www.windowsazure.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/

The main (non-technical) stakeholder of the web application went to great lengths to validate that our site is secure. He went to this site to check the validity of our SSL:
http://www.whynopadlock.com/

The site throws the following error:

```
SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
ERROR: no certificate subject alternative name matches
```

The certificate is installed using IP Based SSL instead of SNI. This is done this way because some site visitors still use Internet Explorer 8 on Windows XP, which has no support for SNI and throws a security warning.

Is my certificate correctly installed? I received three .CRT files from my SSL provider:

  • PrimaryIntermediate.crt
  • SecondaryIntermediate.crt
  • EndCertificate.crt

This is how I exported our certificate as a .PFX file to Azure:

```
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt
```

Best Answer

Sounds like you need to include the intermediate certificates in the PFX you send to Azure.

Open PrimaryIntermediate.crt and SecondaryIntermediate.crt in a text editor and copy/paste the entire content into a single file called BothIntermediate.crt. The order the content is in doesn't matter, but make sure you include the headers ("-----BEGIN CERTIFICATE-----", etc.) and leave a blank line between the two.

You'd then want to run something like this to do the PFX conversion:

```
openssl pkcs12 -export -in EndCertificate.crt -inkey myserver.key -certfile BothIntermediate.crt -out myserver.pfx
```

This would give you a single PFX file that contains all three of your CA's certificates, your certificate, and your private key. You can then upload it to Azure using the same process you used previously.
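
The difference between the two exports above, as an added example that is not part of the original question or answer: it builds a throwaway test hierarchy, exports a PFX with and without `-certfile`, and checks what each PFX contains and whether its chain verifies from the PFX alone. The root CA, the signing order, the password and the helper names (`issue`, `pfx_cert_count`, `pfx_chain_ok`) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: every key and certificate here is throwaway test material.
set -e
cd "$(mktemp -d)"
PW=test-only   # constructed export password

# issue NAME EXTFILE [ISSUER]: create NAME.key and NAME.crt; self-signed without ISSUER.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" 2>/dev/null
  if [ -n "$3" ]; then
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
      -extfile "$2" -days 2 -out "$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile "$2" -days 2 \
      -out "$1.crt" 2>/dev/null
  fi
}

# Count the certificates stored in a PFX.
pfx_cert_count() {
  openssl pkcs12 -in "$1" -passin "pass:$PW" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds only if the leaf chains to root.crt using just the intermediates inside
# the PFX, which is what a client that trusts only the root has to do.
pfx_chain_ok() {
  openssl pkcs12 -in "$1" -passin "pass:$PW" -nokeys -cacerts -out ca.pem 2>/dev/null
  openssl pkcs12 -in "$1" -passin "pass:$PW" -nokeys -clcerts -out leaf.pem 2>/dev/null
  openssl verify -CAfile root.crt -untrusted ca.pem leaf.pem >/dev/null 2>&1
}

# Constructed hierarchy: root -> SecondaryIntermediate -> PrimaryIntermediate -> EndCertificate
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'subjectAltName=DNS:www.example.test\n' > leaf.ext
issue root ca.ext
issue SecondaryIntermediate ca.ext root
issue PrimaryIntermediate ca.ext SecondaryIntermediate
issue EndCertificate leaf.ext PrimaryIntermediate
mv EndCertificate.key myserver.key

# Export in the style of the question's command: leaf and key only.
openssl pkcs12 -export -in EndCertificate.crt -inkey myserver.key \
  -out leaf-only.pfx -passout "pass:$PW"

# Export in the style of the answer's command: intermediates bundled via -certfile.
cat PrimaryIntermediate.crt SecondaryIntermediate.crt > BothIntermediate.crt
openssl pkcs12 -export -in EndCertificate.crt -inkey myserver.key \
  -certfile BothIntermediate.crt -out myserver.pfx -passout "pass:$PW"
```

Running `pfx_cert_count` and `pfx_chain_ok` against a real PFX before uploading it shows whether the intermediates made it into the file; for a real certificate, replace `root.crt` with the CA's published root.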