HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


Installing an SSL certificate on Microsoft Azure Web App

An SSL certificate should be activated, validated and installed on the server. In case of Azure you will need to upload it to the Azure portal. The SSL certificate can be downloaded from the Namecheap account or the email; it should be converted into PKCS#12 (PFX) format containing a private key.

If you generated a CSR code for the certificate activation on your Windows server, it is necessary to take the following steps to receive a PFX file:

  1. Complete the certificate request through the IIS management console.
  2. Export the PFX file using either the MMC or IIS management console. Both options are described here.

In case you have an SSL certificate, a private key and CA bundle in separate files in PEM format, it can be converted into PFX using this tool.

Alternatively, an SSL certificate can be converted into the necessary format using the following OpenSSL command if you have a Linux-based terminal:

openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt -certfile CA_bundle.crt

Once you have the PFX file, you can upload it to the Azure portal in order to assign it to your Web App:

azur1

Once uploaded, the following steps should be taken to configure a secure HTTPS connection.

    • Go to App Services, select the name of your App and click SSL certificates under the Settings section:

azur2

    • You should see your SSL on the list. The next step is to set binding for the domain you would like to secure with the SSL certificate. Click on Add binding to proceed:

azur3

    • On the Add Binding panel, select the domain name you would like to secure. You may also select whether to use Server Name Indication (SNI) or an IP-based SSL. Click Add binding to complete the certificate installation:

azur4

Note: An IP-based SSL assigns your serverâ$™s public IP address to the domain name. This options requires each domain to have a dedicated IP.

SNI SSL allows multiple domains to share the same IP address with a separate certificate used for each domain name. Most modern browsers (including Internet Explorer, Chrome, Firefox and Opera) support SNI; however, older browsers like Internet Explorer 6, Mozilla Firefox 2.0 or earlier may not support it. For more information on the Server Name Indication technology, check this article.

If you use the SNI SSL option, there is no need to take any other steps. However, if you created an IP-based SSL binding, App Service will create a dedicated IP address for the binding as an IP-based SSL requires one.

If you used an A record to point your custom domain to your Azure app, and you just added an IP-based SSL binding, you will need to update the existing A record in the domain DNS settings with the new IP address that was assigned to the domain.

You can find this IP address on the Custom domain page under settings of your app, right above the Hostnames section. It will be listed as External IP Address:

azur5

The certificate is now installed on the server. You may check it by opening the domain name in the browser and specifying the secure protocol: https://.

Certificate installation can also be verified with the help of the OpenSSL command:

openssl s_client -showcerts -connect :443 -servername -showcerts

Alternatively, feel free to use this online SSL checker. If the certificate is installed correctly, the result will be shown as follows:

azur6

 

Enforcing HTTPS for Azure Web App

In order to set an automatic HTTPS redirect for a secure connection, one needs to add a special redirect rule to the .web.config file. By default, it is located in the following folder D:\home\site\wwwroot The file can be modified through the Kudu debug console for your app located at https://.scm.azurewebsites.net/DebugConsole.
The rewrite rule should be added between tags:






appendQueryString="true" redirectType="Permanent" />

After the redirect is applied, anyone who enters example.com or www.example.com in a browser will be automatically redirected to https://example.com .

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 123
45678910
11121314151617
18192021222324
25262728 

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional