Note All certificates that are listed in this section must have
the same password.
If you plan to deploy the additional Azure Stack Hub PaaS services (SQL,
MySQL, and App Service) after Azure Stack Hub has been deployed and configured,
you must request additional certificates to cover the endpoints of the PaaS
services.
NOTE: The certificates that you use for SQL, MySQL, and App Service
resource providers must have the same root authority as those certificates used
for the global Azure Stack Hub endpoints.
The following table describes the endpoints and certificates that are
required for the SQL and MySQL adapters and for App Service. You do not need to
copy these certificates to the Azure Stack Hub deployment folder. Instead,
provide these certificates when you install the additional resource providers.
Table 1. Certificates and endpoints for additional PaaS servicesCertificates and endpoints for additional PaaS services
Certificate
Scope
(per region)
Required certificate subject and SANs
Subdomain namespace
SQL and MySQL
SQL, MySQL
*.dbadapter.<region>.<fqdn>
(Wildcard SSL Certificate)
dbadapter.<region>.<fqdn>
Web Traffic Default SSL Cert
App Service
*.appservice.<region>.<fqdn>
*.scm.appservice.<region>.<fqdn>
*.sso.appservice.<region>.<fqdn>
(Multi Domain Wildcard SSL Certificate)
appservice.<region>.<fqdn>
scm.appservice.<region>.<fqdn>
API
App Service
api.appservice.<region>.<fqdn>
(SSL Certificate)
appservice.<region>.<fqdn>
scm.appservice.<region>.<fqdn>
FTP
App Service
ftp.appservice.<region>.<fqdn>
(SSL Certificate)
appservice.<region>.<fqdn>
scm.appservice.<region>.<fqdn>
SSO
App Service
sso.appservice.<region>.<fqdn>
(SSL Certificate)
appservice.<region>.<fqdn>
scm.appservice.<region>.<fqdn>
NOTE: Notes: Multi Domain Wildcard SSL
Certificate—Requires one certificate with multiple wildcard SANs.
Not all Public Certificate Authorities support multiple wildcard SANs on a
single certificate.
NOTE: Note: SSL Certificate—An
*.appservice.<region>.<fqdn> wildcard certificate cannot be used in
place of the following certificates:
(api.appservice.<region>.<fqdn>,
ftp.appservice.<region>.<fqdn>, and
sso.appservice.<region>.<fqdn>. Appservice explicitly requires the
use of separate certificates for these endpoints.