Note All certificates that are listed in this section must have the same password.
If you plan to deploy the additional Azure Stack Hub PaaS services (SQL, MySQL, and App Service) after Azure Stack Hub has been deployed and configured, you must request additional certificates to cover the endpoints of the PaaS services.
The following table describes the endpoints and certificates that are required for the SQL and MySQL adapters and for App Service. You do not need to copy these certificates to the Azure Stack Hub deployment folder. Instead, provide these certificates when you install the additional resource providers.
Certificate | Scope (per region) | Required certificate subject and SANs | Subdomain namespace |
SQL and MySQL | SQL, MySQL | *.dbadapter.<region>.<fqdn> (Wildcard SSL Certificate) | dbadapter.<region>.<fqdn> |
Web Traffic Default SSL Cert | App Service | *.appservice.<region>.<fqdn> *.scm.appservice.<region>.<fqdn> *.sso.appservice.<region>.<fqdn> (Multi Domain Wildcard SSL Certificate) | appservice.<region>.<fqdn> scm.appservice.<region>.<fqdn> |
API | App Service | api.appservice.<region>.<fqdn> (SSL Certificate) | appservice.<region>.<fqdn> scm.appservice.<region>.<fqdn> |
FTP | App Service | ftp.appservice.<region>.<fqdn> (SSL Certificate) | appservice.<region>.<fqdn> scm.appservice.<region>.<fqdn> |
SSO | App Service | sso.appservice.<region>.<fqdn> (SSL Certificate) | appservice.<region>.<fqdn> scm.appservice.<region>.<fqdn> |
For more information about the public key infrastructure (PKI) certificates that are required to deploy Azure Stack Hub and how to obtain them, see Azure Stack Hub public key infrastructure certificate requirements on the Microsoft website.