Your Browser is Out of Date

ShareDemos uses technology that works best in other browsers.
For a full experience use one of the browsers below
Concepts Guide—Dell EMC Integrated System for Microsoft Azure Stack Hub

close

view all chapters

Prerequisites
Environmental requirements Power distribution unit (PDU) power-drop requirements Azure connection, identity store, and billing-model decisions Choosing connection options and identity store Features that are impaired or unavailable in disconnected mode Required customer-provided security certificates Mandatory certificates Optional PaaS certificates Certificate requirements and validation License requirements Azure Stack Hub endpoints and customer port requirements

Optional PaaS certificates

Optional PaaS certificates

  • Note All certificates that are listed in this section must have the same password.

    If you plan to deploy the additional Azure Stack Hub PaaS services (SQL, MySQL, and App Service) after Azure Stack Hub has been deployed and configured, you must request additional certificates to cover the endpoints of the PaaS services.

    Note: The certificates that you use for SQL, MySQL, and App Service resource providers must have the same root authority as those certificates used for the global Azure Stack Hub endpoints.

    The following table describes the endpoints and certificates that are required for the SQL and MySQL adapters and for App Service. You do not need to copy these certificates to the Azure Stack Hub deployment folder. Instead, provide these certificates when you install the additional resource providers.

    Table 17.           Certificates and endpoints for additional PaaS services

    Certificate

    Scope
    (per region)

    Required certificate subject and SANs

    Subdomain namespace

    SQL and MySQL

    SQL, MySQL

    *.dbadapter.<region>.<fqdn>

    (Wildcard SSL Certificate)

    dbadapter.<region>.<fqdn>

    Web Traffic Default SSL Cert

    App Service

    *.appservice.<region>.<fqdn>

    *.scm.appservice.<region>.<fqdn>

    *.sso.appservice.<region>.<fqdn>

    (Multi Domain Wildcard SSL Certificate)

    appservice.<region>.<fqdn>

    scm.appservice.<region>.<fqdn>

    API

    App Service

    api.appservice.<region>.<fqdn>

    (SSL Certificate)

    appservice.<region>.<fqdn>

    scm.appservice.<region>.<fqdn>

    FTP

    App Service

    ftp.appservice.<region>.<fqdn>

    (SSL Certificate)

    appservice.<region>.<fqdn>

    scm.appservice.<region>.<fqdn>

    SSO

    App Service

    sso.appservice.<region>.<fqdn>

    (SSL Certificate)

    appservice.<region>.<fqdn>

    scm.appservice.<region>.<fqdn>

    Notes

    Multi Domain Wildcard SSL Certificate—Requires one certificate with multiple wildcard SANs. Not all Public Certificate Authorities support multiple wildcard SANs on a single certificate.

    SSL Certificate—An *.appservice.<region>.<fqdn> wildcard certificate cannot be used in place of the following certificates: (api.appservice.<region>.<fqdn>, ftp.appservice.<region>.<fqdn>, and sso.appservice.<region>.<fqdn>. Appservice explicitly requires the use of separate certificates for these endpoints.

    For more information about the public key infrastructure (PKI) certificates that are required to deploy Azure Stack Hub and how to obtain them, see Azure Stack Hub public key infrastructure certificate requirements on the Microsoft website.