Configuring SSL certificates for an Azure website
Azure websites support SSL by default. For example, if your website name is contoso-web, you can simply open the browser and access it using HTTP or HTTPS, such as:
The azurewebsites.net domain is a shared domain, and thus the wildcard certificate that provides SSL for it is also shared. It provides you with the custom domain along with the SSL certificate. You may not want to use the shared domain for a public-facing site, though it remains supported for cases where the shared domain is needed.
Most of these websites have a custom domain, and therefore it's essential to configure SSL. Follow the steps listed below to configure SSL for an Azure website with a custom domain. Keep in mind that the website must be set to Standard mode to support this configuration.
1. Obtaining an SSL certificate
A certificate authority must sign your SSL certificate, and the certificate must adhere to the following requirements:
- The certificate must contain a private key.
- The certificate must be created for key exchange that can be exported to a Personal Information Exchange (.pfx) file.
- The certificate’s subject name must match the custom domain. If you have multiple custom domains for your website, the certificate will need to be either a wildcard certificate or have a subject alternative name (SAN).
- The certificate should use 2048-bit (or higher) encryption.
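The requirements above can be checked before the certificate is uploaded. The following Python is an added example, not code from the original article or from Azure; `CertInfo` and its fields are hypothetical and are assumed to have been read from the .pfx beforehand. It shows the case that most often fails: a wildcard name covers exactly one label, so it does not cover the apex domain or deeper subdomains.

```python
from dataclasses import dataclass, field

MIN_KEY_BITS = 2048  # minimum from the requirements list above


@dataclass
class CertInfo:
    """Fields read from the .pfx beforehand (hypothetical container, not an Azure type)."""
    subject_cn: str
    san_dns: list = field(default_factory=list)
    key_bits: int = 0
    has_private_key: bool = False


def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == pattern[2:]


def check_certificate(cert: CertInfo, custom_domains: list) -> list:
    """Return the requirements the certificate fails; an empty list means it passes."""
    problems = []
    if not cert.has_private_key:
        problems.append("no private key in the .pfx")
    if cert.key_bits < MIN_KEY_BITS:
        problems.append(f"key is {cert.key_bits} bits, below {MIN_KEY_BITS}")
    # Assumption: when SAN entries exist, match against them instead of the subject CN.
    names = cert.san_dns or [cert.subject_cn]
    for domain in custom_domains:
        if not any(name_matches(n, domain) for n in names):
            problems.append(f"no certificate name covers {domain}")
    return problems


# Constructed sample: a wildcard certificate checked against three custom domains.
wildcard = CertInfo("*.contoso.com", ["*.contoso.com"], 2048, True)
domains = ["www.contoso.com", "contoso.com", "shop.eu.contoso.com"]

if __name__ == "__main__":
    for line in check_certificate(wildcard, domains) or ["certificate meets all checks"]:
        print(line)
```
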
2. Upload the SSL certificate to Azure
Once you have the approved SSL certificate, you can upload it to Azure using the management portal. To do so, click the Domains and SSL part in the Site Settings blade for your website, as shown in Figure 1. This opens the SSL settings blade for your site, where you can upload the certificate.
FIGURE 1 The Configuration section of the Website blade showing the Domains and SSL part
3. Configuring the SSL bindings
Once the SSL certificate is uploaded to your Azure website, the final step in this process is to configure the SSL bindings. Azure websites support both Server Name Indication (SNI) SSL and the standard IP-based SSL. You can configure the SSL bindings in the management portal in the SSL Settings blade, as shown in Figure 2. For each binding you must specify the following:
- The custom domain name.
- The SSL certificate to use for the custom domain.
- Whether to use SNI SSL or IP-based SSL.
If you select IP-based SSL for your SSL binding and your custom domain is configured using an A record, Azure will assign a new dedicated IP address to your website. This new IP address will be different from the one you previously used to configure the A record, so it is crucial to update the A record with your DNS registrar to use the new virtual IP address. You can find the virtual IP address in the management portal by clicking the Properties part of the website blade.
This article is a part of 70-533 Implementing Microsoft Azure Infrastructure Solutions Prep course.