Create Managed Certificate for site migrating from GCP

Jeff Conover 21 Reputation points
2022-09-01T09:11:59.787+00:00

Hello,

I have a chicken and the egg situation it appears and am trying to figure out how to get past this. We have a website currently hosted on GCP that we are migrating to Azure. The DNS (A/CNAME(s)) are obviously pointing at the current live site and must continue to do so until the new site is 100% ready for the pointers to change. To setup our managed certificates, we need to have the A name pointing to the IP of the App Service and the CNAME pointing to the xxx.azurewebsites.net. Now considering we cannot move these until SSL is working correctly how on Earth do you migrate without downtime?

Doing it on AWS is easy, same with GCP but I just cannot figure out how you are intended to do this seamlessly with the A/CNAME requirements on Azure.

Thanks in advance for any pointers on this.

Regards,

Jeff

Azure Migrate
Azure Migrate
A central hub of Azure cloud migration services and tools to discover, assess, and migrate workloads to the cloud.
718 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,909 questions
0 comments
Accepted answer
  1. brtrach-MSFT 15,256 Reputation points Microsoft Employee
    2022-09-13T02:25:30.307+00:00

    @Jeff Conover We apologize for the delay in reaching out to you. We understand you are wanting to migrate your site over to an Azure Web App and are looking to minimize downtime.

    Please note that Azure Managed Certificates are sometimes best to be used in dev/test environments due to the limitations around them. If you need 100% uptime, then I would suggest that you need to look into purchasing a standard or wildcard certificate.

    In regard to SSL certificates, if your app is already in production, we assume you likely have an SSL certificate. If you can obtain a copy of that certificate file, then please upload the certificate to your SSL certificates blade of your web app. Note that it will need to be in the .PFX file format. At a later date you could then switch over to either a managed certificate or purchase a standard/wildcard certificate (these are nice as they reduce the amount of effort required by the owner).

    Or

    If you cannot export your current SSL certificate, you can purchase a standard/wildcard certificate by following these steps. Make sure that the purchased SSL certificate is showing up in the SSL certificates blade as part of step 1 below.

    1. You will need to have your web app setup and configured, and site files deployed. Also make sure you have uploaded a copy of your SSL certificate or purchased
    2. Follow these steps here, which talk about adding your custom domain to your web app to preemptively avoid downtime for DNS routing.
    3. Unless you need an A record, we advise against using A records within DNS. The A record IP address in very rare cases could change and thus cause availability issues for your app. If you are going this path due to a project requirement, please let us know so we can provide you with steps on how to obtain a dedicated inbound IP address.
    4. Once your DNS is updated with the necessary CNAME records you can then immediately go into the SSL blade and bind your certificate to your custom domain.

    Please let us know if you have any further questions.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest