Last week I wrote about adding an SSL cert to this blog. That left me the remaining task of figuring out how to force SSL for all connections. Azure doesn’t have a checkbox for this; the options are to make a change to the WordPress config, try a plug-in (a variation of changing the config), or add a URL rewrite rule. For no great reason I decided to go with the third option. I connected to the web site via FTP (see here for info on the credentials needed – not obvious) using Filezilla. I already had a web.config that looked like this (I saved a copy locally in case I needed to rollback):
Then I added the rule to the local copy, did a quick check that it was well formed XML using Notepad++ with the XML Tools plug-in, and saved locally:
Then I just FTP’d back to the wwwroot folder:
It seemed to pick up the change automatically when I tested a few pages. Fairly painless as things go, or so it seems so far! Next was an external check to see if it working. I used the free SSL test from Qualys:
A grade of B, which doesn’t seem horrible. I couldn’t find anything about how to fix the forward secrecy issue without access to the registry, which I don’t have. I suspect the same is true for the RC4 issue. I’d want a perfect score if I was handling credit cards or real secrets, but for now this seems like a reasonable return on the time invested. Now I just need to monitor to see if anything breaks, and remember to renew the certificate in just less than a year.