Subscribe

Adding SSL to our Azure Node app

✍️

How can we make our Azure App secure?

1 Oct, 2020 · 3 min read

So far, we have had some cool introductions to Azure, exploring the following topics.

In this article, we will learn how to bind an SSL to our custom domain in the Azure App.

Having an SSL on a domain is very important. Most browsers are blocking non-secure websites, so it’s a no-go not to have an SSL.

Note: Like the custom domain, this is not available on the free tier!

SSL Options

There are quite a few options for adding an SSL to a domain.

The simplest way is to buy an SSL from an authority like Comodo or your domain provider.

For me, I’m going with a free alternative 💸.

We can go for Let’s Encrypt, but it’s a bit difficult to get that working on Azure, so in our instance, we are using ZeroSSL.

Getting our SSL from ZeroSSL

Let’s start by getting our actual certificate from ZeroSSL. Visit the Zero SSL website and fill out your domain in the header section.

ZeroSSL step 1

We can then create a free account.

ZeroSSL free registration

In the following section, we can finalize the details for our SSL certificate. In the first section, we select the 90-day option since that’s free.

We do have to re-enter every 90 days (us cheapskates)

ZeroSSL options

In step two, we check the option to generate the CSR automatically. We don’t want to do this ourselves.

ZeroSSL auto CSR

In step three, we select the free option.

ZeroSSL free SSL

In the next step, we select our verification method. For me, using the DNS option is the quickest way, so I’m choosing that one.

ZeroSSL verification

Verifying the SSL via CNAME

At this point, we need to go to our domain registrar (Netlify for me) and visit our DNS section.

Add a new DNS record that will have the following setup.

  • Type: CNAME
  • Name: What ZeroSSL gave you
  • Value: The value ZeroSSL provided you
  • TTL: 3600 or less

DNS Settings

Once we added this, head back to ZeroSSL and click “Verify Domain”.

You can then download the default ZIP from here.

ZeroSSL Download SSL Certificate

Adding the SSL to our Azure App Service

Now that we have our SSL, we can add it to our Azure App Service.

Go to your App Service in Azure and click the “Custom Domains” option.

Azure Custom domain section

If you do not already have a custom domain, view this article on adding an Azure custom domain.

We can then click on the “Add Binding” option. A side-draw will open up.

Azure SSL Binding

As you can see, in the above screenshot, it’s asking for a PFX Certificate. We did not receive that from ZeroSSL, so we need to convert our existing certificate.

Visit SSL Shopper Converted and upload the received documents. As output, you can choose PFX.

We need to provide the following details:

  • Certificate file: certificate.crt
  • Private key file: private.key
  • Chain certificate file: ca_bundle.crt
  • Type of current certificate: Standard PEM
  • Type to convert to: PFX/PKCS#12
  • PFX Password: {Whateveryouwant}

You must use a password to make it valid for Azure.

SSL Converter

Now head back to Azure and click Upload PFX Certificate.

Choose the PFX certificate and password you used above.

Azure SSL PFX

Be aware; It might take some time before it’s valid (5-10 minutes)

In the next step, select the options from the dropdown.

Azure SSL Options

Now, if we click Finish, we have a secure domain!

Azure Secure domain

And if we visit our secure domain, we can inspect our certificate to see if it works.

Chrome inspect SSL Certificate

Thank you for reading, and let’s connect!

Thank you for reading my blog. Feel free to subscribe to my email newsletter and connect on Facebook or Twitter

Spread the knowledge with fellow developers on Twitter
Tweet this tip
Powered by Webmentions - Learn more

Read next 📖

Node.js read and write from Azure Table Storage

2 Oct, 2020 · 9 min read

Node.js read and write from Azure Table Storage

Azure App Service: Add a custom domain

27 Sep, 2020 · 2 min read

Azure App Service: Add a custom domain

Join 2097 devs and subscribe to my newsletter