Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Simplify HTTPS steps for Storage Explorer #2323

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Simplify HTTPS steps for Storage Explorer #2323

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2fc9683
Simplify HTTPS steps for Storage Explorer
MRayermannMSFT Dec 11, 2023
c86b157
Add back warning about dotnet dev-certs
MRayermannMSFT Dec 11, 2023
51d69b3
Remove not needed section
MRayermannMSFT Dec 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 14 additions & 32 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -764,42 +764,24 @@ var client = new QueueClient(new Uri("https://127.0.0.1:10001/devstoreaccount1/q

#### Storage Explorer with Azurite HTTP

Connect to Azurite by click "Add Account" icon, then select "Attach to a local emulator" and click "Connect".
To connect Storage Explorer to Azurite over HTTP:
1. Open the connect dialog, via the plug icon in the vertial toolbar.
2. Select "Local storage emulator" and change values as needed. You can also select 'Storage account or service" on the first page, and enter in your own connection string.
3. Click "Next" and review the connection settings.
4. Finally click "Connect".

#### Storage Explorer with Azurite HTTPS

By default Storage Explorer will not open an HTTPS endpoint that uses a self-signed certificate. If you are running Azurite with HTTPS, then you are likely using a self-signed certificate. Fortunately, Storage Explorer allows you to import SSL certificates via the Edit -> SSL Certificates -> Import Certificates dialog.

##### Import Certificate to Storage Explorer

1. Find the certificate on your local machine.
- **OpenSSL**: You can find the PEM file at the location you created in the [HTTPS Setup](#https-setup) section above.
- **mkcert**: You need to import the RootCA.pem file, which can be found by executing this command in the terminal: `mkcert -CAROOT`. For mkcert, you want to import the RootCA.pem file, not the certificate file you created.
- **dotnet dev-certs**: Storage Explorer doesn't currently work with certs produced by `dotnet dev-certs`. We are tracking this issue on GitHub here: <https://github.com/microsoft/AzureStorageExplorer/issues/2859>
2. Open Storage Explorer -> Edit -> SSL Certificates -> Import Certificates and import your certificate.

If you do not set this, then you will get the following error:

```
unable to verify the first certificate
```

or

```
self signed certificate in chain
```

##### Add Azurite via HTTPS Connection String

Follow these steps to add Azurite HTTPS to Storage Explorer:

1. Right click on Local & Attached -> Storage Accounts and select "Connect to Azure Storage...".
2. Select "Use a connection string" and click Next.
3. Enter a name, i.e Azurite.
4. Enter the [HTTPS connection string](#https-connection-strings) from the previous section of this document and click Next.
> Storage Explorer does not currently work with certificates produced by `dotnet dev-certs`. While you can use them for Azurite and Azure SDKs, you won't be able to access the Azurite endpoints with Storage Explorer if you are using the certs created with dotnet dev-certs. We are tracking this issue on GitHub here: <https://github.com/microsoft/AzureStorageExplorer/issues/2859>

You can now explore the Azurite HTTPS endpoints with Storage Explorer.
To connect Storage Explorer to Azurite over HTTPS:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This instruction cannot work. I'm using Storage Explorer with version of 1.32.1. Can you check?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@EmmaZhu can you share at what step you got blocked and by what? I tested yesterday before opening the PR.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It reported error after #7 connected with https, when I click on under the connection session Blob Containers, Queues or Tables.

The error looks like following


"Unable to retrieve child resources

ProducerError:{
  "name": "Electron Net Error",
  "message": "net::ERR_CERT_AUTHORITY_INVALID",
  "stack": "Error: net::ERR_CERT_AUTHORITY_INVALID\n    at SimpleURLLoaderWrapper.<anonymous> (node:electron/js2c/browser_init:2:50234)\n    at SimpleURLLoaderWrapper.emit (node:events:513:28)",
  "cause": {}
}"

My alias is emmazhu. I can have a meeting with you to look into the issue.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@EmmaZhu thanks, I'll schedule a meeting if I get stuck trying to deduce the difference in our experiences. Which method of generating an HTTPS cert did you use? OpenSSL or dotnet?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @MRayermannMSFT , Seems you deleted step for import cert to Storage Explorer, customer cannot connect Storage Explorer and Azurite successfully with just following your steps. I think it'd be better to also have instruction to tell customer how to import cert for https.

Copy link
Author

@MRayermannMSFT MRayermannMSFT Dec 14, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@EmmaZhu,

Which method you used to initially create the SSL certificate for Azurite?

What OS are you testing on?

1. Open Settings, via the gear icon in the vertical toolbar.
2. Enter "system proxy" in the search box at the top of the settings page.
3. Under the "Proxy Configuration" setting, click the dropdown and choose "Use system proxy".
4. Open the connect dialog, via the plug icon in the vertial toolbar.
5. Select "Local storage emulator", change values as needed, and check the "Use HTTPS" checkbox. You can also select "Storage account or service" on the first page, and enter in your own connection string.
6. Click "Next" and review the connection settings.
7. Finally click "Connect".

## Workspace Structure

Expand Down
Loading