How can we improve Azure Storage?

make it possible to use SSL on blob storage using custom domains

Currently you can use SSL but you have to user the standard URL. You can create a CNAME to your storage account but most browsers complain that the traffic was rerouted and is possibly an attack. There should be a way to install a domain certificate to your containers.

3,943 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tobin Rysenga shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    You can now use the Azure CDN to access blobs with custom domains over HTTPS. See the following article for instructions on how to do so: https://docs.microsoft.com/en-us/azure/storage/storage-https-custom-domain-cdn. Having talked to a number of customers, we concluded that this solution addresses many scenarios where the need for HTTPS access to blobs with custom domains exists.

    Native Azure Storage support for using SSL to access blobs at custom domains is still on our backlog. We would love to hear about your scenarios where using the Azure CDN is not an acceptable solution, either by posting on this thread or sending us an email at azurestoragefeedback@microsoft.com.

    114 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Ben Coleman commented  ·   ·  Flag as inappropriate

        Definitely much needed now with the static web hosting features coming to storage. CDN isn't a good alternative IMO

      • Clint Mann commented  ·   ·  Flag as inappropriate

        Looks like this ain’t happening. Microsoft obviously is going for big profits with this one since they are pushing their HIGH DOLLAR CDN instead of just implementing this feature request. This is one of the highest voted feature requests ever and its still just “under review”. WHATS THE POINT OF VOTING THEN??

      • Ike Ellis commented  ·   ·  Flag as inappropriate

        Can we revisit this? Chrome is going to flag any file not over SSL as unsecured. Users will get an error if they open a file from Azure Blob Storage in Chrome. We really need SSL certs for custom domains.

      • Heather Lattanzio commented  ·   ·  Flag as inappropriate

        Our blob storage accounts are private, not public and we use SAS tokens with expiration to give user access to individual files. We don't need a CDN and the CDN doesn't support expiration of SAS tokens. The only way that might work would be to setup the query string caching rules to never cache URLs with query strings, so that all request with a SAS token (a query string) would go back to the origin server to evaluate the sas token and the expiration. This completely negates any value of a CDN. If it would even work, it is extra overhead and extra cost and a huge workaround solely to be able to use a custom domain to access storage account blobs over https.

      • Benjamin Akhtary commented  ·   ·  Flag as inappropriate

        I ended up writing a wrapper with web apps to serve the static files and have the SSL. its extra work, headache, and lower performance for no logical reason, if that could be just done by assigning custom domains with SSL.

      • Benjamin Akhtary commented  ·   ·  Flag as inappropriate

        i have been waiting for years for this feature, and for our new project we just went with Amazon cloud front S3 with custom domain ssl support. the rest of our servers are still on Azure.

        its a really basic feature. and with everything moving to SSL these days for user security, seo ranking, etc its just a common sense to have this feature. it is not realistic to pay for CDN when you dont need a CDN for your solution.

      • Paul commented  ·   ·  Flag as inappropriate

        We absolutely need this feature because of the many valid reasons already provided in the comments. As mentioned by others, the CDN solution is overkill.

      • Nisse commented  ·   ·  Flag as inappropriate

        CDN is designed for huge amount of requests from all over the world.

        It is a poor solution for an enterprise solution for a small number of users.

        Placing images and other data in a completely different domain raises a lot of usability issues when it comes to web browser security.
        Downloading stuff from the same parent domain is normally considered more secure and does not raise issues with many off the ad blockers out there.

      • Peter Andersson commented  ·   ·  Flag as inappropriate

        For our use case being forced to use a CDN just add another layer without any benefit. The files we are publishing to blob storage might be downloaded once or twice so using a CDN is a huge overkill and we mostly likely will not get any benefits from the caching the CDN provides.

      • RentHQ commented  ·   ·  Flag as inappropriate

        This is a must-have feature! Most things these days should be https. By not providing it, seems like a security issue you are ignoring. And I dont accept CDN as an acceptable work around.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Nearly six years? That's depressing. Condolences to those who have been waiting a lot longer.

      • Anonymous commented  ·   ·  Flag as inappropriate

        It's honestly ridiculous that this _issue_ has existed for years when it should be treated as a high priority *bug*

      • Anonymous commented  ·   ·  Flag as inappropriate

        We mostly do not want to directly expose the storage URLs to customers as it contains more information than we'd like to disclose.

      ← Previous 1 3 4 5 6

      Feedback and Knowledge Base