In this post we will create a Key Vault & a Secret.
Create Key Vault
Go to Azure > Key Vaults > Create new Key Vault
Copy the Key Vault URL. You will need it in the upcoming step.
Go to the Secrets blade & Create a new secret.
Go to Key Vault > Access Policies > Add Access Policy > Select App Registration
Now we are ready to proceed with the next step.
This post is part of an Article Series:
Azure allows locking a resource or a resource group to prevent accidental modifications or deletions.
Types of Locks
There are 2 types of locks:
- DELETE LOCK prevents deletion of resource
- READONLY LOCK prevents modifications Or deletion of resource
The Lock Blade is available for all the resources:
- App Service
- Virtual Machines
- Data Factory
Now let us create a Delete Lock.
Now go to the App Service & Try deleting it.
You will get the following Message preventing it from deletion.
This is a wonderful feature for Administrators & Prevents accidental deletion & modifications of the Azure Resource OR Resource Groups.
In this post we can do the following:
- Create App Service
- Associate .PFX Certificate
- Create App Registration
- Associate .CER Certificate
Create App Service
Go to Azure > App Service > Create New App Service (At least B1 Plan required to have TLS settings)
Associate .PFX Certificate
Go to App Service > TLS Settings blade > Private key certificates tab > Upload our .PFX certificate
Note the Thumbprint of the certificate. You will need it in the upcoming steps of the article-series.
Create App Registration
Go to Azure > Active Directory > App Registrations > Create New App Registration
Note the Client ID & Tenant ID. You will need them in the upcoming steps of the article-series.
Associate .CER Certificate
Now go to the Certificates & secrets blade and upload the .CER certificate.
You are now ready with your App Service & App Registration along with the Certificates.
Few notes on Certificates:
- Issuer Information – owner information
- Private Key – for encryption using one secret – faster
- Public Key – for decryption using another secret – slower & more reliable
- Thumbprint – for identification
- Password – for installation
Go to IIS > Server Certificates > Export Certificate
Install Certificate to Current User.
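// Requires: using System; using System.Security.Cryptography.X509Certificates;
X509Certificate2 certificate = new X509Certificate2("C:\\Certificates\\IISExported.pfx", "Password");
X509Store xstore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
xstore.Open(OpenFlags.ReadWrite);   // the store must be opened before it can be modified
xstore.Add(certificate);
xstore.Close();
Try getting the Certificate back.
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
// validOnly is false, so the certificate is returned even if it does not validate
X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindByThumbprint, certificate.Thumbprint, false);
if (col == null || col.Count == 0)
    Console.WriteLine("ERROR: Certificate not found with thumbprint");
else
    Console.WriteLine("Found: " + col[0].FriendlyName);
store.Close();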
In this post we can see how to disable Outbound Internet Connectivity from a VM.
- Outbound Connections are Originated From the system
Step 1: Create an NSG (Network Security Group)
Step 2: Disable Internet
Go to the Outbound Security Rules. By default there will be 3 rules, which enable Internet.
We need to create a new rule with a lower Priority Number so that it will be picked first.
Click the Add Rule button. Make the following changes.
Step 3: Associate NSG with VM
Now go to the VM > Change the NSG to the new one.
Step 4: Test Connectivity
Restart the VM > Go to RDP > Open Internet Explorer > Try www.bing.com
You should not get the page displayed. This confirms that Internet Connectivity is now disabled.
Certificates provide better Authentication than Passwords. Certificates have to be procured from Signing authorities & will be installed with the application by the Deployment Team.
Note: However, it is better for the Developer to know all of this, so that they can help if anything goes wrong.
For development purposes we can use IIS Certificates.
Step 1: Create Certificate
Go to IIS > Server Certificates > Create Self-signed Certificate
You will get the new certificate listed as below.
Step 2: Export to .CER Format
Double-click on the certificate, Go to Details tab & Click Copy to File button.
Continue the wizard & You will get a .CER file output.
Step 3: Export to .PFX Format
Now right click on the item & click Export option.
Enter the Password & after export you will get a .PFX certificate.
You can go to the folder & see that 2 files are created.
In this post we have seen how to create a certificate, export as .CER & .PFX file.
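What each of the two exported files actually contains, as an added example that is not code from the original post: it builds a throwaway self-signed certificate in memory rather than through IIS, then compares the .CER and .PFX forms. It assumes .NET Core 2.0+ or .NET Framework 4.7.2+ (for CertificateRequest); the subject name and password are placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class CerVersusPfx
{
    static void Main()
    {
        // Constructed sample values (assumptions, not from the post).
        const string subject = "CN=DevTestCert";
        const string pfxPassword = "Password";

        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest(subject, rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 selfSigned = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1)))
            {
                // .CER form: certificate with the public key only.
                byte[] cerBytes = selfSigned.Export(X509ContentType.Cert);
                // .PFX form: certificate plus private key, protected by the password.
                byte[] pfxBytes = selfSigned.Export(X509ContentType.Pfx, pfxPassword);

                using (var cer = new X509Certificate2(cerBytes))
                using (var pfx = new X509Certificate2(pfxBytes, pfxPassword))
                {
                    Console.WriteLine("CER has private key: " + cer.HasPrivateKey);
                    Console.WriteLine("PFX has private key: " + pfx.HasPrivateKey);
                    // Both files identify the same certificate.
                    Console.WriteLine("Thumbprints match: " + (cer.Thumbprint == pfx.Thumbprint));

                    // The PFX holder signs; anyone holding the CER can verify.
                    byte[] data = Encoding.UTF8.GetBytes("constructed test message");
                    using (RSA privateKey = pfx.GetRSAPrivateKey())
                    using (RSA publicKey = cer.GetRSAPublicKey())
                    {
                        byte[] signature = privateKey.SignData(data,
                            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                        bool ok = publicKey.VerifyData(data, signature,
                            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                        Console.WriteLine("Signature made with PFX verifies with CER: " + ok);
                    }
                }
            }
        }
    }
}
```

The .PFX and its password are the material to protect; the .CER can be shared with whoever needs to verify the holder of the private key.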
Test-NetConnection sqlserver.database.windows.net -port 1433
Run > wf.msc > Ensure Outbound Ports are not blocked – especially 1433 port