first, create Azure Key Vault
before creating Key Vault and installing SSL on Linux, you need to use az group create to create resources. For example, to create a resource group named "myResourceGroupSecureWeb", you need to copy the Azure CLI to the corresponding folder first, and then use az keyvault create to create the Key Vault, and enable the Key Vault when deploying the VM.
each Key Vault needs to have a unique name, all in lowercase letters, and then replace the name with its own unique Key Vault name to generate a certificate and store it in the Key Vault. In order to make the website SSL safe to use, everyone needs to be signed by a trusted program when installing SSL import in Linux to be a valid certificate.
second, prepare the certificate for VM
to use the above certificate during VM creation, you need to use az keyvault secret list-versions to obtain the unique ID of the certificate, and then convert the certificate through az vm format-secret. The specific operation is to create a cloud-init configuration to protect NGINX, customize it when the VM is started for the first time, and then install packages and write files through cloud-init, or configure users and security.
except for running cloud-init during the initial startup of Linux installation certificate, there is no need for other steps and agents. It takes several minutes to create a VM, install the package and start the application. After creation, test whether the Web application is safe. If the ssl certificate of Linux is installed with a self-signed security certificate, there will be a security warning on the web page to remind the user of unsafe factors.
compared with other systems, the ssl certificate installation of Linux is relatively simple. However, it should be noted that the Linux installation certificate has certain requirements for domestic and foreign network environments. If it is not changed in time, the SSL certificate configuration will fail. Regarding this content, you can consult the experts on CA website for further understanding.
This article is compiled and published by SSL Shield, and the www.ssldun.com website security shield certificate is cheap and quick to issue.