I'm talking to the Windows Azure support team and it seems that you cannot be assigned explicit static IP addresses. You 'happen' to get an IP address when you set things up, but there is no contractual guarantee on a specific IP adress (eg: always 123.123.123.123). In case of a disaster (eg: datacenter natural calamity or accidental deletion of website deployment), you will lose these assigned IPs.
Now, it is my understanding that SSL certificates (for a web server) require a static IP address specified in the certificate binding the server to the certificate. Our setup is:
- Registrar: GoDaddy
- DNS : Amazon Web Services Route 53
- Hosting : Windows Azure Webrole (https://www.server.com) and a worker role (https://api.server.com)
is it possible to have an SSL certificate bound only to the CNAME and not an IP address? How can I obtain such a certificate (is it a special class of SSL certs)? The best thing would be to have a single SSL cert for *.server.com (if possible!)
Appreciate the help!
SSL certificates do not require a static IP. They are tied to a (list of) hostname(s) or wildcard(s), such as *.server.com. Any SSL certificate vendor can sell you these. I use thawte and verisign myself but there are many more.