TL;DR
This guide shows you how to securely connect to your Azure web service using SSL certificates. We’ll cover getting a certificate, uploading it to Azure, and binding it to your app.
1. Get an SSL Certificate
You have several options for obtaining an SSL certificate:
- Azure App Service Managed Certificates (Free): The easiest option if you don’t need a custom domain or advanced features. Azure handles renewal automatically.
- Third-Party Certificate Authority (Paid): Companies like DigiCert, Sectigo, and GoDaddy provide certificates with more control and validation levels. You’ll need to purchase one and download it in PFX format.
- Self-Signed Certificates (Not Recommended for Production): Useful for testing but not trusted by browsers or clients.
For this guide, we’ll assume you have a certificate file in PFX format and know its password.
2. Upload the Certificate to Azure
- Navigate to your App Service: In the Azure portal, find and open your web service app.
- Open TLS/SSL Settings: Under ‘Settings’, select ‘TLS/SSL settings’.
- Private Key Certificates (.pfx): Click ‘+ Upload Certificate’.
- Provide Details: Enter a name for the certificate (e.g., ‘MyWebServiceCertificate’). Browse to your PFX file and enter the password. Click ‘Upload’.
3. Add a Custom Domain (If Applicable)
If you’re using a custom domain, ensure it’s configured correctly in Azure:
- Custom Domains: In the left-hand menu of your App Service, select ‘Custom domains’.
- Add Domain: Add your domain name and follow the instructions to create DNS records (A record and TXT record) at your domain registrar. This verifies ownership.
4. Bind the Certificate to Your App
- Bindings: Back in ‘TLS/SSL settings’, select ‘Bindings’.
- Add TLS/SSL Binding: Click ‘+ Add TLS/SSL binding’.
- Configure Binding:
  - Custom Domain: Select your custom domain (or leave blank for the default app service domain).
  - Certificate: Choose the certificate you uploaded.
  - SSL Type: Select ‘SNI SSL’ (recommended) or ‘IP SSL’. SNI SSL allows multiple domains on a single IP address.
- Click Add Binding: Save your changes.
5. Enforce HTTPS
Redirect all HTTP traffic to HTTPS for security:
- TLS/SSL settings: Return to ‘TLS/SSL settings’.
- HTTPS Only: Toggle the ‘HTTPS Only’ setting to ‘On’. This forces all requests to use HTTPS.
6. Test Your Connection
Verify that your web service is accessible via HTTPS:
- Browser Test: Open a browser and navigate to https://yourdomain.com (or the default app service domain if you haven’t added a custom domain). Check for a valid SSL certificate in the address bar.
- Command Line Test (using curl):
curl -v https://yourdomain.com
Look for ‘Server Certificate’ information in the output to confirm the certificate is being used.
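The checks in step 6 can also be scripted. The following is an added example, not part of the original guide: it validates the chain and hostname against Python's default trust store, reports the days left before expiry, and confirms that plain HTTP answers with a redirect to HTTPS on the same host. The function names and the sample certificate values are assumptions made for illustration.

```python
import http.client
import socket
import ssl
import sys
from datetime import datetime, timezone
from urllib.parse import urlsplit

SAMPLE_CERT = {"notAfter": "Jun  1 12:00:00 2030 GMT",  # constructed, getpeercert() format
               "subjectAltName": (("DNS", "yourdomain.com"), ("DNS", "*.yourdomain.com"))}

def fetch_cert(host, port=443, timeout=10):
    """Handshake with SNI; raises ssl.SSLCertVerificationError on a bad chain or name mismatch."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def covers_host(cert, host):
    """True if a DNS subjectAltName matches host; a wildcard covers one left-most label only."""
    host = host.lower().rstrip(".")
    names = [n.lower() for kind, n in cert.get("subjectAltName", ()) if kind == "DNS"]
    wildcard = "*." + host.partition(".")[2]
    return host in names or wildcard in names

def is_https_redirect(status, location, host):
    """Expected answer to plain HTTP once 'HTTPS Only' is on: 3xx to https:// on the same host."""
    target = urlsplit(location or "")
    return 300 <= status < 400 and target.scheme == "https" and target.hostname == host.lower()

def probe_http(host, timeout=10):
    """One GET on port 80, redirects not followed; returns (status, Location header)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

if __name__ == "__main__":
    host = sys.argv[1]  # e.g. yourdomain.com
    cert = fetch_cert(host)
    print(covers_host(cert, host), days_until_expiry(cert), is_https_redirect(*probe_http(host), host))
```

Run it with the hostname as the only argument; a handshake failure in `fetch_cert` means the binding is serving a certificate that clients will not trust for that name.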