Moving to SSL / HTTPS-PART 3

Azure Websites Basic Pricing Tier (SSL Support)

So you now have an SSL Certificate? Lets install it to your Azure Website. I distinctly remember, in order for you to have a custom domain (without the .azurewebsite.net), you have to be in the D1 Shared instance in which I am right now.

So from D1 Shared, I upgraded to B1.

23

24

Once upgraded, you can now go the SSL settings. You can search it thru the web app settings and in there, click Upload Certificate.

25

Now remember the PFX file that we created on the earlier part? Use that and use the password that we added when we exported the PFX.

26

27

28

Still within SSL settings, we now have to bind the uploaded SSL with the domain that we want to secure. Click SSL Bindings.

29

Choose the SNI SSL after using the hostname and certificate name combination. Then click Add Binding.

30

So that’s it, in just 3 easy steps we already have a working SSL Certificate bound to our site.

31

Now to check, lets go to https://www.johndelizo.com/ using chrome and IE.

32

Valid certificate! Sweet!

33

But our old http only site is still active. So we may need to automatically redirect visitors from http to https. Rewrite should do this. Lets edit web.config!

So my TFS Online is linked to my Azure Websites. I already have a redirect before and should be a fairly easy web.config change, build deploy.

35

Oh no. I got a message: “We deprecated the hosted XAML build controller on July 1st 2017. We recommend that you migrate to our new build system. However if you still need to run XAML builds during the migration then you must set up a private XAML build controller now”.

36

I cant believe I never got around to update my own build! Okay, no time to waste, lets just create a new build definition. Stay tuned for part 4.

Advertisements

Moving to SSL / HTTPS–PART 2

On this Part 2: We are going to get our CER and PFX to be used for Azure.

Create Certificate Signing Request

There is a tool available thru Digicert website or you can do it manually over IIS. Since my target is to install this in Azure, I chose to use the tool they provided.

1

Lets use a Windows PC. So I will not have IIS Manager access to my Azure Website so we need to generate the certificate and then install it.

2

Download the tool, extract and run.

3

4

Click the SSL Certificate tab and click Create CSR.

image

This reminds me of the IIS Manager Create Certificate Request action but it should be straight forward. Click SSL and then make sure that your info is correct. Then click Generate.

6

Then copy the result to a notepad or clipboard can be enough.

7

Login back to your Digicert account and click the status of your order. There should be a Pending CSR there.

8

This opens up a pane and you can paste the CSR here.

9

I chose IIS 10 and then clicked continue.

10

Then viola, CSR Completed. This will then trigger an email where your .CER will be attached.

11

12

Unzip this to get the .CER and some instructions.

13

Go back to the DigiCert certificate tool and then import the CER. You need to get the *PFX out of this CER.

14

Once you clicked next, just enter your friendly name and then finish. It should show on the utility.

15

Like this:

16

Now lets export the PFX, just highlight the certificate and then click Export.

17

Export the private key, use PFX and all path if possible. Click Next.

18

Yes, like the MMC, you need to provide a password since you are exporting the private key as well.

19

Then save the PFX File to a location where you will pick up to install in AZURE.

20

You can now close this tool. Thanks DigiCert!

22

Moving to SSL / HTTPS–PART 1

Certificate Authority

For my CA I got DIGICERT (https://www.digicert.com) thru the MVP Program and got the SAN Certificate that can be used on multiple domains. 

A free alternative will be Let’s Encrypt (https://letsencrypt.org/) however you may need to use an Azure Site extension for this. 

I got started with Digicert by signing-up and then do the verifications. For me I was asked with only two requirements:

  • I have a currently active government issued photo ID (Suggest you don’t black out the address) that has your name, address and expiration date.
  • That you have control or ownership of the domain – They will send a link thru your postmaster emails. Be sure to check if these are active.

admin@<YOURDOMAIN.COM>
administrator@<YOURDOMAIN.COM>
webmaster@<YOURDOMAIN.COM>
hostmaster@<YOURDOMAIN.COM>
postmaster@<YOURDOMAIN.COM>

I must mention that they have a phenomenal customer service and will follow-up thru phone and email on your certificate order and help you on the requirement.

After the verification they will send you an emails confirming the verification. Got a personal email from an Engineer and the automated email. Mine just took a few hours after I did the requirements and I was able to continue with creating a CSR.

image_thumb[7]

How to apply license on SCOM 2016(fwlink 74446)

Today I had a chance to revisit my SCOM Lab. But after booting everything, I noticed that even if all services are running including SQL and SCOM, the Ops Manager console throws an error on connecting.

TL;DR; My trial license is expired. Use Powershell to apply license:

  • Import-Module OperationsManager
  • Set-SCOMLicense –ProductId “<YOUR PRODUCT KEY>”
  • Restart-Service OMSSDK
  • New-SCOMManagementGroupConnection
  • Get-SCOMManagementGroup | Format-List –Property SkuForProduct, SkuForLicense, Version, Name, TimeOfExpiration

Long story, so will I reinstall today? So normal troubleshooting after seeing the error, restarting the services including SQL Server and nope, no joy there.

Going back to the console, thankfully there is a stack trace there. So lets read thru the errors, mostly access denied exception but there was the ex.message.toString there. So we have hopes here.

It seems that there was an access denied exception but the inner message is saying “You have exceeded the evaluation period of this product. Please upgrade to the retail version to continue using the product” Aha! I followed the link and it seems that it only redirects to a generic product page. Still no joy.

image

There are a few TechNet and Support articles out there, but there’s one problem. License IS expired already.

https://support.microsoft.com/en-ph/help/2699998/how-to-add-a-product-key-to-the-eval-version-of-system-center-2012-ope

https://technet.microsoft.com/en-us/library/hh966734(v=sc.12).aspx

Problem is we cant connect to the management group, because, yes we have an exception. Yikes.

image

I think the article is a little off, since applying SCOM licenses are thru registry access so it shouldn’t require any connection.

So first, run PowerShell as an administrator on the server where SCOM is installed.

Apply the license key that you have for retail. (See TLDR section for Copy-Paste PS> commands)

Also remember also to restart the System Center Data Access Service after applying the license. Included in TLDR.

image

Try out the new connection and try and poke the management group and get the license details.

Then try and connect using the Console. Yes its working, but my apps are not.

image

So there ya go, and I’m back to my DevOps management group. I’m trying out the new MP for .NET APM with Application Insights. This is going to be fun. Well after we fix DB01. Should blog about it later.

Usapang Ulap: Microsoft Bot Framework, LUIS and DevOps

Thank you all for attending our Usapang Ulap! And we are exited to show you the latest with Microsoft’’

17361608_10208716937583087_7470288327236261044_n

There are more practical use of the new bots and artificial intelligence services such as using Microsoft Bot and LUIS to do development operations. In this live demo, we saw that using bots, we can control our continuous integration services from build, deploy and test.

17353584_1257908540924516_1583235151990719465_n

 

I would probably do a detailed blog on how to integrate these services and API together so please do check my blog out. But for now, I used the Microsoft Bot Framework and Visual Studio TFS Online authenticated API’s.

Here’s our full line up:

Microsoft Bot Framework – Jon Limjap
Microsoft Language Understanding Intelligent Service (LUIS) – Allan Spartacus Mangune
Using bots in DevOps – John Delizo
Bot Framework with Sentiment Analysis – Eduardo Lorenzo
PowerBI – Argelo Royce Baustista
17352475_10208716937823093_7307387412118475744_n17352520_10208716937743091_8853133980558445344_n17361958_10208716937503085_2437104987182411869_n17362707_10208716937423083_367270748908997155_n

Hope to see you on our next Azure event!

Am back in UMAK!

So its another Saturday of community work for me and Allan. This time, we got a chance to talk about Windows Server, Microsoft Azure and .NET in the University of Makati’s College of Computer Sciences (CCS). https://umak.edu.ph/ last week (Feb 18)

WP_20170218_10_46_28_Pro

We did a couple of Demo, to start with, Allan did the whole Azure Web App complete with the ASP.NET Core demo. I think this is a highlight of the event, us doing demo especially this .NET MVP doing the end to end scenario in less than an hour, using again limited amount of cellular data.

WP_20170218_11_14_43_Pro

Then to cap off, did a demo on Windows Server 2016 and the installation including the nano server.

Events 2017 - UMAK - Feb 18

Its my 2nd time here in UMAK and hopefully we can be back with student requests for the hands on experience. 

Thank you EARIST Cavite!

Its a busy but fulfilling Saturday for me and Allan driving off to GMA Cavite to conduct a tech talk on Development, Infrastructure and Security with the students of Eulogio “Amang” Rodriguez Institute of Science and Technology (http://earist.edu.ph/) last Feb 04.

Events 2017 - EARST - Feb 18

We had a blast with these enthusiastic students, eager to ask questions even if the computer lab is already jam packed! The drive was really worth it.

WP_20170204_12_50_15_Pro

It was actually fun! So being two geeks with limited amount of cellular data driving around south.

WP_20170204_14_49_44_Pro

image

WP_20170204_14_33_47_Pro

So thanks again EARIST Cavite! Hope we can be back sooner!