HTTPS redirect from all HTTP addresses to the same URL

While configuring my WordPress site for this blog I wanted to make sure that all content is delivered to the readers through HTTPS.

I really like the Let’s Encrypt initiative to provide free certificates, so there is no excuse now not to use HTTPS on any website, including personal blogs. I will write a post soon about how to automate the certificate generation for Azure Web App using Let’s Encrypt and Azure DNS, but as my blog is hosted on a simple WordPress on Linux where certificate generation is automatic through cPanel, the only thing to do is to redirect all HTTP requests to HTTPS.

This can be easily achieved by adding these lines to your .htaccess file:

If you have any issues with this, you may need to tweak the condition so that, instead of %{HTTPS}, it uses the environment variable that tells you on your host that the request is not HTTPS.
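A typical mod_rewrite rule set for this redirect, added here as an example and not the author's original lines. The commented-out X-Forwarded-Proto condition is an assumed alternative for hosts that terminate TLS at a proxy; which variable your host exposes is something to confirm with the hosting provider.

```apache
# Added example (not the original post's lines): send every plain-HTTP
# request to the same host and path over HTTPS.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Default check: mod_rewrite sets %{HTTPS} to "on" for TLS connections
    # and "off" otherwise.
    RewriteCond %{HTTPS} !=on

    # Assumed alternative for hosts where TLS ends at a proxy or load
    # balancer and Apache always sees %{HTTPS} as "off". Use it INSTEAD of
    # the condition above, and only if the proxy itself sets or overwrites
    # this header; a header passed through from the client proves nothing.
    # RewriteCond %{HTTP:X-Forwarded-Proto} !=https

    # Permanent redirect to the same host and URI. The original query
    # string is carried over because the substitution contains none.
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
```

In a WordPress .htaccess, place these lines above the "# BEGIN WordPress" block so the redirect is evaluated before the permalink rules and is not overwritten when WordPress regenerates that block.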

Generate Self Signed Certificate with SANs using Azure CLI

Quite often you need a certificate that does not necessarily need to be properly signed because it will only be used for testing purposes or by your own services. A good example is when you are creating an Azure Service Fabric cluster. One option is to use the Azure Portal to generate the certificate by filling out the details, but if you want to automate the process that is not an option.

Using PowerShell to generate a certificate on a Windows machine or openssl on Linux is well documented, but if you want your cert generated directly in an Azure Key Vault you must use the Azure modules of PowerShell or the Azure CLI.

If you need a simple self-signed certificate, you can do that by using the az keyvault certificate create command; the Azure documentation has a sample of how to use it:

This will create a certificate in the “vaultname” KeyVault with the name “cert1”.
What if you want some more, e.g. to add subject or even multiple entries to the SAN, what if you want to change the automatic renewal (that is the default) to an email alert, what if you want to explicitly specify the usage of the certificate?
The -p "$(az keyvault certificate get-default-policy)" was quite suspicious. The “az keyvault certificate create” documentation says:

--policy -p

JSON encoded policy definition. Use @{file} to load from a file.

If there was a default policy, there must be a way to customize that – I thought… As usual Google was my best friend, so I found some info in the Key Vault REST API Documentation. I wanted to use the cert with multiple domain names, so the SubjectAlternativeNames option looked promising; however, the “dns_names” parameter did not work as it was documented. That was when I realized that there was a --scaffold parameter of the az keyvault certificate get-default-policy command that generates a fully formed policy structure with default values. Here is what the output looks like:

All you need is to save this to a file (e.g. cert_policy.json), modify the relevant sections and give it a go like this:

Voila, your certificate is available in the Key Vault.

The reason I really like this method is that the certificate itself does not need to leave a fully controlled environment, the Azure Key Vault.