Saturday, January 14, 2023

Creating a Self-Signed Certificates for Secure Connections

Self-signed certificates can be used to secure web connections, encrypt data sent over the internet, and can be used to authenticate the identity of the server to the client. In this blog post, we will cover the basics of self-signed certificates, how to create them, and how to use them to secure your web connections.

Creating a Self-Signed Certificate

There are several ways to create a self-signed certificate, but in this blog post, we will cover two popular methods: using mkcert and using PowerShell in-built (New-SelfSignedCertificate) cmdlet.

Method 1: Using mkcert

mkcert is a simple command-line tool that can be used to create a self-signed certificate. To create a self-signed certificate using mkcert, you can use script at and can run on PowerShell.













Once you run the script it will first download the mkcert.exe if not exist, and using that will create the Self-Signed Certificate. 









Your directory will looks like below:















Method 2: Using PowerShell

Another way to create a self-signed certificate is by using PowerShell in-built 'New-SelfSignedCertificate' cmdlet. Here is an example of how to use this cmdlet to create a self-signed certificate:

Option 1: Creating a DNS based self-signed certificate









This command will create a self-signed certificate for the different hostnames and store it in the local certificate store.

Option 2: Creating a DNS + IP Address based self-signed certificate














This command will create a self-signed certificate for couple of domains and IP addresses and store it in the local certificate store.

If you want to have the Signer for the Self-Signed certificate then you can first generate the root  certificate and then pass that root certificate while creating the other Self-Signed certificate.

$rootCert = New-SelfSignedCertificate -Subject 'CN=TestRootCA,O=TestRootCA,OU=TestRootCA' -KeyExportPolicy Exportable -KeyUsage CertSign,CRLSign,DigitalSignature -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider'

New-SelfSignedCertificate -Subject $certFriendlyName -FriendlyName $certFriendlyName -Signer $rootCert -TextExtension @("2.5.29.17={text}$ip&$dnsNames") -CertStoreLocation "cert:\LocalMachine\My" -KeyAlgorithm RSA -KeyLength 2048 -NotAfter (Get-Date).AddYears(10)


Note: Self-signed certificates are not trusted by default and will not be recognized by default trusted root CA, so it is important to inform users that they are visiting a self-signed certificate website.


Thanks for reading, CloudOps Signing Off! 😊


at No comments:

Saturday, January 7, 2023

Building Visual Studio Solutions with MSBuild - Command Line

 MSBuild is a powerful build tool that is included with Visual Studio. It can be used to build Visual Studio solutions and projects from the command line or from scripts, making it easy to automate builds and deployments.

To build a Visual Studio solution using MSBuild, you can use the following command:

msbuild location: C:\Program Files\Microsoft Visual Studio\2022\Professional\MSBuild\Current\Bin\msbuild.exe






msbuild "D:\a\1\s\solution.sln" /t:Build /p:Configuration=Release /p:platform="any cpu"

You can also specify a specific project within the solution to build by using the /target parameter:







msbuild "D:\a\1\s\solution.sln" /t:Build /p:Configuration=Release /p:platform="any cpu" /target:cms.proj

To generate deployment artifacts for a web project using MSBuild, you can use the 'WebPublish' target. This will build the project and create the necessary files for deployment to a web server.

Here's an example of the command to generate deployment artifacts for a web project:







msbuild "D:\a\1\s\solution.sln" /t:WebPublish /p:Configuration=Release /p:platform="any cpu" /p:DeployOnBuild=true /p:WebPublishMethod=FileSystem /p:DeployDefaultTarget=WebPublish /p:DeleteExistingFiles=True /p:publishUrl="D:\a\1\s\outdir"

Alternatively, you can specify the OutDir property to specify the output directory for the build artifacts. This can be used in conjunction with the 'Build' target to generate the necessary files for deployment.






msbuild "D:\a\1\s\solution.sln" /t:Build /p:Configuration=Release /p:platform="any cpu" /p:DeployOnBuild=false /p:SkipInvalidConfigurations=true /p:OutDir="D:\a\1\s\outputdirectory"

You can also specify additional parameters, such as /p:UseWPP_CopyWebApplication=true /p:PipelineDependsOnBuild=false /p:VisualStudioVersion="15.0" /v:diag to customize the build process.

Alternatively, you can generate a deployment package by using the 'WebPublish' target with the 'Package' publish method:







msbuild "D:\a\1\s\solution.sln" /t:WebPublish /p:Configuration=Release /p:Platform="any cpu" /p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:PackageLocation="$(build.artifactstagingdirectory)\\website\\"

This will build the project and create a deployment package using the specified settings. The 'PackageAsSingleFile' parameter specifies that the package should be created as a single file, and the 'SkipInvalidConfigurations' parameter specifies that the build should continue even if there are invalid project configurations. The 'PackageLocation' parameter specifies the directory where the package should be created.

To enabled verbose logging add below parameter to command line:

/v:diag


Thanks for reading, CloudOps Signing Off! 😊


at No comments:

Azure Login 101: Command Line Options

There are a few different ways that you can log in to the Azure portal using the command line:

  1. Install the Azure CLI or Azure PowerShell module on your local machine, if it is not already installed. 
  2. Use the 'az login' command (for the Azure CLI) or the 'Connect-AzAccount' cmdlet (for the Azure PowerShell module) to log in to Azure.
  3. Use the '--tenant' option (for the Azure CLI) or the '-TenantId' parameter (for the Azure PowerShell module) to specify the tenant (i.e., the Azure Active Directory) that you want to use.
  4. Use the '--subscription' option (for the Azure CLI) or the '-SubscriptionId' parameter (for the Azure PowerShell module) to specify the subscription that you want to use.
  5. Use the 'az account show' command (for the Azure CLI) or the 'Get-AzContext' cmdlet (for the Azure PowerShell module) to display the details of the currently selected tenant and subscription.

  • Azure CLI: The Azure CLI is a cross-platform command-line interface that you can use to manage Azure resources. To log in to the Azure portal using Azure CLI, follow these steps:
# Install the Azure CLI (if it is not already installed)
Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; rm .\AzureCLI.msi  

 # Log in to Azure and set the default tenant and subscription (replace <tenant-id> and <subscription-id> with the appropriate values)

az login --tenant <tenant-id>

          az account set --subscription <subscription-id>

# Display the details of the currently selected subscription
az account show

This script first installs the Azure CLI, then logs in to Azure and sets the default tenant and subscription using the az login command. It then displays the details of the currently selected subscription using the az account show command.

If you only use 'az login' command then use the 'az account set --tenant' and  'az account set --subscription' command to switch between the tenants and subscriptions.

 

  • PowerShell: This is a command-line shell and scripting language that you can use to manage Azure resources. To log in to the Azure portal using the Azure PowerShell module on a Windows machine:, follow these steps:
# Install the Azure PowerShell module (if it is not already installed)
Install-Module -Name Azure -AllowClobber
# Log in to Azure and set the default tenant and subscription (replace <tenant-id> and <subscription-id> with the appropriate values)
Connect-AzAccount -Tenant <tenant-id> -SubscriptionId <subscription-id>

         Set-AzContext -Tenant <tenant-id> -SubscriptionId <subscription-id> 

# Display the details of the currently selected subscription
Get-AzContext


This script first installs the Azure PowerShell module, then logs in to Azure and sets the default tenant and subscription using the Connect-AzAccount cmdlet. It then displays the details of the currently selected subscription using the Get-AzContext cmdlet.

If you only use 'Connect-AzAccount' command then use the 'Connect-AzAccount -TenantId <tenant-id>' and  'Connect-AzAccount -SubscriptionId <subscription-id>' command to switch between the tenants and subscriptions.

 

  • Azure Cloud Shell: This is a browser-based shell that you can use to manage Azure resources. To log in to the Azure portal using Azure Cloud Shell, follow these steps: 
    • Go to the Azure portal in your web browser.
    • Click the Cloud Shell icon in the top right-hand corner of the portal.
    • Select Bash as the shell.
    • Follow the prompts to sign in with your Azure account.

Here are some other common Azure CLI commands that you might find useful:

  • 'az account list': List all subscriptions for the authenticated account.
  • 'az account set --subscription SUBSCRIPTION_NAME': Set the default subscription.
  • 'az resource list --resource-group RESOURCE_GROUP_NAME': List all resources in a resource group.
  • 'az resource show --name RESOURCE_NAME --resource-group RESOURCE_GROUP_NAME --resource-type RESOURCE_TYPE': Show information about a specific resource.

Here are some other common Azure PowerShell commands that you might find useful:

  • 'Get-AzSubscription': List all subscriptions for the authenticated account.
  • 'Set-AzContext -Subscription SUBSCRIPTION_NAME': Set the default subscription.
  • 'Get-AzResource -ResourceGroupName RESOURCE_GROUP_NAME': List all resources in a resource group.
  • 'Get-AzResource -Name RESOURCE_NAME -ResourceGroupName RESOURCE_GROUP_NAME -ResourceType RESOURCE_TYPE': Show information about a specific resource.

Thanks for reading, CloudOps Signing Off! 😊




at No comments:

Friday, January 6, 2023

Sitecore XP 10 Out-of-the-Box: Default Azure PaaS Resources

Sitecore Azure PaaS is a cloud platform that provides a pre-configured and scalable hosting environment for Sitecore applications. As such, it comes with a number of built-in resources that are designed to make it easier to deploy, manage, and maintain Sitecore applications in the cloud.

Here is a list of some of the out-of-the-box resources that come with Sitecore Azure PaaS:
  • Azure App Service: A fully managed web app hosting platform that can be used to host Sitecore applications. Sitecore Azure PaaS includes a total of 11 out-of-the-box App Service instances and 6 App Service Plan.


Here is a picturization of which App Service is associated with which App Service Plan





  • Azure SQL Database: A managed SQL database service that can be used to store data for Sitecore applications. Sitecore Azure PaaS includes a total of 16 out-of-the-box Databases.




























  • Azure Cache for Redis: A managed in-memory cache service that can be used to improve the performance of Sitecore applications.


  • Azure Service Bus: A messaging service that can be used to enable communication and coordination between decoupled systems and services. Azure Service Bus can be used to send and receive messages between applications, or to build complex workflows using a publish-subscribe model. 


  • Azure Application Insights: A performance monitoring service that can be used to detect and diagnose issues in applications. Azure Application Insights can be used to monitor the performance and usage of applications in real-time, and to get alerts when problems arise.




Depending on your specific needs and requirements, you can use some other resources also as mentioned below:

  • Azure Application Gateway: A load balancing and web application firewall (WAF) service that can be used to protect and scale web applications.





  • Azure SQL Elastic Pool: A service that allows you to pool resources and manage the performance of multiple databases within a single logical server.





  • Azure CDN: A content delivery network (CDN) that can be used to deliver static and dynamic content, such as HTML, CSS, JavaScript, and media files, with low latency and high performance.




  • Azure SQL Replication: A feature that can be used to replicate data between SQL databases, including for disaster recovery (DR) scenarios.


  • Azure Traffic Manager: A load balancing service that can be used to distribute traffic across multiple instances/multiple region of a Sitecore application. Helpful in disaster recovery (DR) scenarios.

  • Azure Key Vault: A secure store for secrets, such as passwords, API keys and certificates to associate with Application Gateway Listeners, CDN custom domains, App Service custom domains etc. Also any other secret strings that can be used by Sitecore applications.

  • Azure DNS: A domain name system (DNS) service that can be used to host and manage DNS domains, and to resolve DNS queries from users.

  • Azure Blob Storage: A massively scalable object storage service that can be used to store and retrieve large amounts of data such as App Service Backup, Database Backups, Application Gateway Diagnosis logs, CDN logs etc.

  • Azure Monitor: A monitoring service that can be used to collect, analyze, and visualize data from various sources, including Sitecore applications.

These resources can be used to enhance the capabilities and performance of Sitecore applications in the cloud. For example, you can use Azure Application Gateway to protect your application from attacks and to distribute incoming traffic across multiple instances. You can use Azure SQL Elastic Pool to manage the performance and scalability of your database, and Azure CDN to improve the delivery of static content. Azure SQL Replication can be used to ensure that you have a reliable copy of your data in case of a disaster, and Azure DNS can be used to manage your custom domain name and to route traffic to your application.


Thanks for reading, CloudOps Signing Off! 😊







at No comments:
Subscribe to: Posts (Atom)