We see CAA records more and since CAs are now obligated to check for CAA records when issuing SSL certificates. With this comes the question - How to create a CAA record in Azure DNS? Because it's not currently on the dropdown when selecting the type of DNS record.

What is CAA record?

The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. It's a really good security measure which gives you control over SSL issuence under your domain. Basically, you set the CAA record which tells which CAs can issue a certificate for your domain. You need to list them.

You can find a list of CA names and domains here - https://sslmate.com/caa/

CloudFlare questions related to CAA answered here - https://support.cloudflare.com/hc/en-us/articles/115000310832-Certification-Authority-Authorization-CAA-FAQ

Add a comment

Here is how you can copy files from one Azure Storage account to another. Simple scenario for this is if you want to move entirely from one Storage account to another. In my case I was running for quite some time on a Gen1 Blob-only storage account and now i want to be on the new modern Gen2 general purpose storage account.

Requirements

  • Acces to source and destination storage accounts

Preparations

We want to move the data securely and quickly so the best choice is just by using Azure CLI, the AzCopy commands and SAS tokens to authenticate the requests.

Go to your source Azure Storage account and go to Shared access signature blade

Add a comment

The default App Service domain xxx.azurewebsites.net cannot be changed or removed. It is there to stay. If you don't want users to access it, your option is to redirect the azurewebsites.net requests to your custom domain. 

If your Web App is running on Windows then you can achieve this with a web.config placed in the wwwroot directory.

Table of Contents

Redirect azurewebsites.net

There place the following code under <configuration>/<system.webServer>/<rewrite>/<rules>. Change the CAPITALZED webappname and custom domain below with your own values.

<rule name="Redirect azurewebsites.net to Custom Domain" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^WEBAPPNAME.azurewebsites.net$" />
          </conditions>
          <action type="Redirect" url="http://CUSTOMDOMAIN.COM/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>
Add a comment

If you want free SSL certficiate for your App Service - App Service Managed Certificate is finally here. Secure custom domains for your web apps with App Service Managed Certificates.

Let's first talk about limitaions

Requirements & Limitations

  • Currently in Preview (might have some bugs, although no bugs reported yet)
  • Only works for sub-domains. Naked (Apex) domains are not supported for now

Naked domains not supported

  • Can only be provisioned if an active CNAME is directly pointed to your webappname.azurewebsites domain (Live migrate DNS with awverify will not work)

hostname eligible for Managed App Service Certificate

  • Needs existing "Custom Domain" entry for the domain
  • Requires Basic or above App Service plan
  • Cannot be exported
  • Cannot be wilcard (*.domain.com)
Add a comment