So far, we have had some cool introductions to Azure, exploring the following topics.
- Deploying a Node app to Azure
- GitHub automated-deployments to Azure
- Adding a custom domain to Azure App Service
In this article, we will learn how to bind an SSL to our custom domain in the Azure App.
Having an SSL on a domain is very important. Most browsers are blocking non-secure websites, so it's a no-go not to have an SSL.
Note: Like the custom domain, this is not available on the free tier!
There are quite a few options for adding an SSL to a domain.
The simplest way is to buy an SSL from an authority like Comodo or your domain provider.
For me, I'm going with a free alternative 💸.
Getting our SSL from ZeroSSL
Let's start by getting our actual certificate from ZeroSSL. Visit the Zero SSL website and fill out your domain in the header section.
We can then create a free account.
In the following section, we can finalize the details for our SSL certificate. In the first section, we select the 90-day option since that's free.
We do have to re-enter every 90 days (us cheapskates)
In step two, we check the option to generate the CSR automatically. We don't want to do this ourselves.
In step three, we select the free option.
In the next step, we select our verification method. For me, using the DNS option is the quickest way, so I'm choosing that one.
Verifying the SSL via CNAME
At this point, we need to go to our domain registrar (Netlify for me) and visit our DNS section.
Add a new DNS record that will have the following setup.
- Type: CNAME
- Name: What ZeroSSL gave you
- Value: The value ZeroSSL provided you
- TTL: 3600 or less
Once we added this, head back to ZeroSSL and click "Verify Domain".
You can then download the default ZIP from here.
Adding the SSL to our Azure App Service
Now that we have our SSL, we can add it to our Azure App Service.
Go to your App Service in Azure and click the "Custom Domains" option.
If you do not already have a custom domain, view this article on adding an Azure custom domain.
We can then click on the "Add Binding" option. A side-draw will open up.
As you can see, in the above screenshot, it's asking for a
We did not receive that from ZeroSSL, so we need to convert our existing certificate.
Visit SSL Shopper Converted and upload the received documents.
As output, you can choose
We need to provide the following details:
- Certificate file: certificate.crt
- Private key file: private.key
- Chain certificate file: ca_bundle.crt
- Type of current certificate: Standard PEM
- Type to convert to: PFX/PKCS#12
- PFX Password:
You must use a password to make it valid for Azure.
Now head back to Azure and click
Upload PFX Certificate.
Choose the PFX certificate and password you used above.
Be aware; It might take some time before it's valid (5-10 minutes)
In the next step, select the options from the dropdown.
Now, if we click Finish, we have a secure domain!
And if we visit our secure domain, we can inspect our certificate to see if it works.