Installing an SSL certificate on Microsoft Azure Web App
- Category : SSL Installation
- Posted on : Feb 17, 2022
- Views : 1,592
- By : HostSEO
An SSL certificate should be activated, validated and installed on the server. In case of Azure you will need to upload it to the Azure portal. The SSL certificate can be downloaded from the Namecheap account or the email; it should be converted into PKCS#12 (PFX) format containing a private key.
If you generated a CSR code for the certificate activation on your Windows server, it is necessary to take the following steps to receive a PFX file:
- Complete the certificate request through the IIS management console.
- Export the PFX file using either the MMC or IIS management console. Both options are described here.
In case you have an SSL certificate, a private key and CA bundle in separate files in PEM format, it can be converted into PFX using this tool.
Alternatively, an SSL certificate can be converted into the necessary format using the following OpenSSL command if you have a Linux-based terminal:
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt -certfile CA_bundle.crt
Once you have the PFX file, you can upload it to the Azure portal in order to assign it to your Web App:
Once uploaded, the following steps should be taken to configure a secure HTTPS connection.
- Go to App Services, select the name of your App and click SSL certificates under the Settings section:
- You should see your SSL on the list. The next step is to set binding for the domain you would like to secure with the SSL certificate. Click on Add binding to proceed:
- On the Add Binding panel, select the domain name you would like to secure. You may also select whether to use Server Name Indication (SNI) or an IP-based SSL. Click Add binding to complete the certificate installation:
Note: An IP-based SSL assigns your serverâ$™s public IP address to the domain name. This options requires each domain to have a dedicated IP.
SNI SSL allows multiple domains to share the same IP address with a separate certificate used for each domain name. Most modern browsers (including Internet Explorer, Chrome, Firefox and Opera) support SNI; however, older browsers like Internet Explorer 6, Mozilla Firefox 2.0 or earlier may not support it. For more information on the Server Name Indication technology, check this article.
If you use the SNI SSL option, there is no need to take any other steps. However, if you created an IP-based SSL binding, App Service will create a dedicated IP address for the binding as an IP-based SSL requires one.
If you used an A record to point your custom domain to your Azure app, and you just added an IP-based SSL binding, you will need to update the existing A record in the domain DNS settings with the new IP address that was assigned to the domain.
You can find this IP address on the Custom domain page under settings of your app, right above the Hostnames section. It will be listed as External IP Address:
The certificate is now installed on the server. You may check it by opening the domain name in the browser and specifying the secure protocol: https://.
Certificate installation can also be verified with the help of the OpenSSL command:
openssl s_client -showcerts -connect :443 -servername -showcerts
Alternatively, feel free to use this online SSL checker. If the certificate is installed correctly, the result will be shown as follows:
Enforcing HTTPS for Azure Web App
In order to set an automatic HTTPS redirect for a secure connection, one needs to add a special redirect rule to the .web.config file. By default, it is located in the following folder D:\home\site\wwwroot The file can be modified through the Kudu debug console for your app located at https://.scm.azurewebsites.net/DebugConsole.
The rewrite rule should be added between tags:
appendQueryString="true" redirectType="Permanent" />
After the redirect is applied, anyone who enters example.com or www.example.com in a browser will be automatically redirected to https://example.com .
Categories
- cPanel Question 47
- cPanel Software Management 29
- cPanel Tutorials 13
- Development 29
- Domain 13
- General 19
- Linux Helpline (Easy Guide) 156
- Marketing 47
- MySQL Question 13
- News 2
- PHP Configuration 14
- SEO 4
- SEO 42
- Server Administration 84
- SSL Installation 54
- Tips and Tricks 24
- VPS 3
- Web Hosting 44
- Website Security 22
- WHM questions 13
- WordPress 148
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
Sat | Sun | Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | |
7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 | 15 | 16 | 17 | 18 | 19 | 20 |
21 | 22 | 23 | 24 | 25 | 26 | 27 |
28 | 29 | 30 | 31 |
Recent Articles
-
Posted on : Sep 17
-
Posted on : Sep 10
-
Posted on : Aug 04
-
Posted on : Apr 01
Tags
- ts
- myisam
- vpn
- sql
- process
- kill
- tweak
- server load
- attack
- ddos mitigation
- Knowledge
- layer 7
- ddos
- webmail
- DMARC
- Development
- nginx
- seo vpn
- Hosting Security
- wireguard
- innodb
- exim
- smtp relay
- smtp
- VPS Hosting
- cpulimit
- Plesk
- Comparison
- cpu
- encryption
- WHM
- xampp
- sysstat
- optimize
- cheap vpn
- php-fpm
- mariadb
- apache
- Small Business
- Error
- Networking
- VPS
- SSD Hosting
- Link Building
- centos
- DNS
- optimization
- ubuntu