Share via

Confusion over Azure TLS/SSL Settings, F1 App Service Plan and SSL Certificates

Jeff East 21 Reputation points
2021-03-10T21:48:15.733+00:00

I have succeeded in confusing myself beyond all expectations.

I have a simple Web Service which has existed for several years. Access to it has been through http, however I wanted to switch to https.

Trying to find the documentation describing how to do this simple transformation has been "trying".

It appears to be as simple as clicking the "HTTPS Only" radio button in the portal's TLS/SSL Settings page. In this case, it appears to use a general certificate that covers all *.azurewebsites.net URLs. (It'd be nice if this were clearly documented).

It also appears as if you can't use a 3rd-party certificate, issued to your explicit domain name, in the F1 pricing tier (free tier). It looks like you have to pick at minimum, the B1 plan (at $54/mo) if you want to provide your own certificate (which I think would be absolutely irresponsible, except Microsoft allows the use of its *.azurewebsites.net certificate).

It's taken me an absurdly amount of effort to figure all this out.

Have I got it right, or is there something vital I've missed?

thanks!
Jeff

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,968 questions
0 comments
Accepted answer
  1. SnehaAgrawal-MSFT 22,706 Reputation points Moderator
    2021-03-11T12:40:18.507+00:00

    Thanks for asking question! If I am understanding right you have custom domain and you want to secure it which means access your App Service app at the https:// endpoint.

    So to elaborate Custom SSL is not supported in the F1 or D1 tier and you need to Scale up your App Service plan.

    Coming to how to Secure a custom domain: You need to follow below steps.

    1. Go to Azure portal > select your App Services.
    2. From the left navigation of your app select TLS/SSL settings > Add TLS/SSL binding
    3. In Custom Domain, select the custom domain you want to add a binding for.
    4. If your app already has a certificate for the selected custom domain, go to Create binding directly. Otherwise you need to Add a
      certificate for custom domain.
    5. If your app has no certificate for the selected custom domain, then you have below options:
      Upload PFX Certificate - Follow the workflow at Upload a private certificate, then select this option here.
      Import App Service Certificate - Follow the workflow at Import an App Service certificate, then select this option here.
      You can also Create a free certificate (Preview) 6. After that you have to Create binding (Check this table to help you configure the TLS binding) in the TLS/SSL Binding dialog >
      then click Add Binding. 7. Once the operation is complete, the custom domain's TLS/SSL state is changed to Secure.

    Clarifying HTTPS Only Feature:

    Further you may want to know that after completing above By default, anyone can still access your app using HTTP but if you want you can redirect all HTTP requests to the HTTPS port by using HTTPS Only, select On feature.

    For more details suggest you to refer this official document : https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-bindings

    Hope this simplifies you. Let me know if you have further query on this.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.