SSL.com

Install an SSL/TLS Certificate in Microsoft Azure App Service/Web Apps

Time needed: 45 minutes

These instructions will show you how to install an SSL/TLS certificate and private key in a Microsoft Azure App Service web app and bind it to a custom domain. If you don’t have a certificate yet, please read Ordering and Retrieving SSL/TLS Certificates for full instructions on buying a certificate from SSL.com.

  1. Generate PKCS#12 file.

    Before you upload your certificate and private key to your Azure web app, you’ll need to combine them into a password-protected PKCS#12 file (also commonly known as a PFX or P12 file). You can generate this file with either or IIS or OpenSSL:

    Generate a PFX/P12 File for Azure with Windows
    Create a .pfx/.p12 Certificate File Using OpenSSL

  2. Open app in Azure.

    Navigate to your app in the Azure portal.
    Navigate to app

  3. Open TLS/SSL settings.

    Click TLS/SSL settings in the left sidebar menu.

  4. Click Private Key Certificates (.pfx).

    Select the Private Key Certificates (.pfx) tab.

  5. Click Upload Certificate.

    Click Upload Certificate to begin the certificate upload process.

  6. Upload certificate.

    Click the folder () icon and navigate to your PKCS#12 file, enter the PKCS#12 file’s password, then click the Upload button.

  7. Verify successful upload.

    You should see an alert message if your upload is successful, and your certificate will be shown in the Private Key Certificates list.

  8. Select Bindings tab.

    Now you can bind the certificate to your custom domain name. Select the Bindings tab.

  9. Click Add TLS/SSL Binding.

    Click Add TLS/SSL Binding to begin the process of binding your certificate to your web app’s domain name..

  10. Choose custom domain.

    Choose the domain name your certificate will protect from the Custom domain drop-down menu.

  11. Choose certificate.

    Choose the certificate you just uploaded from the Private Certificate Thumbprint drop-down menu.

  12. Choose TLS/SSL type.

    Select SNI SSL from the TLS/SSL Type drop-down menu.

  13. Add binding.

    Click the Add Binding button.

  14. Verify binding.

    You should see an alert message if your binding is successful, and your certificate will be shown in the TLS/SSL Bindings list.

  15. Update protocol settings.

    Now that your certificate is installed and bound to your domain name, you should make sure that your site is only served via HTTPS and a secure version of SSL/TLS. Under Protocol Settings, set HTTPS Only to On and Minimum TLS Version to 1.2.

  16. Finished!

    Your SSL/TLS certificate is now uploaded and bound to your web app.

Exit mobile version