Bind a custom TLS/SSL certificate to a web app using PowerShell

This sample script creates a web app in App Service with its related resources, then binds the TLS/SSL certificate of a custom domain name to it.

If needed, install the Azure PowerShell using the instruction found in the Azure PowerShell guide, and then run Connect-AzAccount to create a connection with Azure. Also, ensure that:

  • A connection with Azure has been created using the az login command.
  • You have access to your domain registrar's DNS configuration page.
  • You have a valid .PFX file and its password for the TLS/SSL certificate you want to upload and bind.

Sample script

Note

We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

$fqdn="<Replace with your custom domain name>"
$pfxPath="<Replace with path to your .PFX file>"
$pfxPassword="<Replace with your .PFX password>"
$webappname="mywebapp$(Get-Random)"
$location="West Europe"

# Create a resource group.
New-AzResourceGroup -Name $webappname -Location $location

# Create an App Service plan in Free tier.
New-AzAppServicePlan -Name $webappname -Location $location `
-ResourceGroupName $webappname -Tier Free

# Create a web app.
$webapp = New-AzWebApp -Name $webappname -Location $location -AppServicePlan $webappname `
-ResourceGroupName $webappname

Write-Host "Sign in to your domain provider's website and configure the following records:"
Write-Host "A CNAME record that maps $fqdn to $webappname.azurewebsites.net"
Write-Host "A TXT record that maps asuid.$fqdn to the domain verification ID $($webapp.CustomDomainVerificationId)"
Read-Host "Press [Enter] key when ready ..."

# Before continuing, go to your DNS configuration UI for your custom domain and follow the 
# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for the 
# hostname "www" and point it your web app's default domain name.

# Upgrade App Service plan to Basic tier (minimum required by custom SSL certificates)
Set-AzAppServicePlan -Name $webappname -ResourceGroupName $webappname `
-Tier Basic

# Add a custom domain name to the web app. 
Set-AzWebApp -Name $webappname -ResourceGroupName $webappname `
-HostNames @($fqdn,"$webappname.azurewebsites.net")

# Upload and bind the SSL certificate to the web app.
New-AzWebAppSSLBinding -WebAppName $webappname -ResourceGroupName $webappname -Name $fqdn `
-CertificateFilePath $pfxPath -CertificatePassword $pfxPassword -SslState SniEnabled

Clean up deployment

After the script sample has been run, the following command can be used to remove the resource group, web app, and all related resources.

Remove-AzResourceGroup -Name myResourceGroup -Force

Script explanation

This script uses the following commands. Each command in the table links to command specific documentation.

Command Notes
New-AzResourceGroup Creates a resource group in which all resources are stored.
New-AzAppServicePlan Creates an App Service plan.
New-AzWebApp Creates a web app.
Set-AzAppServicePlan Modifies an App Service plan to change its pricing tier.
Set-AzWebApp Modifies a web app's configuration.
New-AzWebAppSSLBinding Creates a TLS/SSL certificate binding for a web app.

Next steps

For more information on the Azure PowerShell module, see Azure PowerShell documentation.

Additional Azure Powershell samples for Azure App Service Web Apps can be found in the Azure PowerShell samples.