SSL cert not updating for Power Page

Ashwani Jaiswal 5 Reputation points
2023-02-09T07:35:14.0166667+00:00

I have added custom domain and SSL cert for my Power Page site through PowerPlatform admin site. And have also created binding and validation was also successful.

However while browsing the site through custom URL it show SSL warning as its insecure. While looking into the browser SSL it says that the certificate for *.azureedge.net doesn't match the domain in the URL - which is true!

Not sure why its not getting updated with the custom SSL I had added and says invalid certificate.

Why is Azure CDN reporting their hostname instead of the custom hostname I have configured?cdn

Any suggestions appreciated!

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
42,048 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,806 Reputation points Microsoft Employee
    2023-02-09T12:46:39.69+00:00

    Hello @Ashwani Jaiswal ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you have added custom domain and SSL certificate to your Power Page site through Power Platform admin site, created binding and validation was successful. This site is hosted behind Azure CDN and when browsing to this site through the custom URL, it shows SSL warning as its insecure and the SSL says that the certificate for "*.azureedge.net" doesn't match the domain in the URL.

    I'm not sure if you have added the custom domain and the SSL certificate to the Azure CDN endpoint but below is the process to get it done.

    The endpoint name in your CDN profile is a subdomain of azureedge.net. Azure CDN provides the option of associating a custom domain with a CDN endpoint. This option delivers content with a custom domain in your URL instead of the default domain (azureedge.net).

    To add a custom domain to your Azure CDN endpoint, follow below doc:

    https://learn.microsoft.com/en-us/azure/cdn/cdn-map-content-to-custom-domain?toc=%2Fazure%2Ffrontdoor%2FTOC.json&tabs=azure-dns%2Cazure-portal%2Cazure-portal-cleanup

    Now, to ensure your sensitive data is delivered securely via TLS/SSL, you can enable HTTPS protocol on your custom domain (for example, https://www.contoso.com). When your web browser is connected via HTTPS, the browser validates the web site’s certificate. The browser verifies it’s issued by a legitimate certificate authority. This process provides security and protects your web applications from attacks.

    Azure CDN supports HTTPS on a CDN endpoint hostname, by default. For example, if you create a CDN endpoint (such as https://contoso.azureedge.net), HTTPS is automatically enabled for "azureedge.net".

    But if you want to enable HTTPS on an Azure CDN custom domain, you need to follow the process provided in the below doc:

    https://learn.microsoft.com/en-us/azure/cdn/cdn-custom-ssl?toc=%2Fazure%2Ffrontdoor%2FTOC.json&tabs=option-1-default-enable-https-with-a-cdn-managed-certificate

    Some of the key attributes of the custom HTTPS feature on Azure CDN are:

    • No extra cost: There aren't costs for certificate acquisition or renewal and no extra cost for HTTPS traffic. You pay only for GB egress from the CDN.
    • Simple enablement: One-click provisioning is available from the Azure portal. You can also use REST API or other developer tools to enable the feature.
    • Complete certificate management is available:
    • All certificate procurement and management is handled for you.
    • Certificates are automatically provisioned and renewed before expiration.

    To enable HTTPS on an Azure CDN custom domain, you use a TLS/SSL certificate. You can choose to use a certificate that is managed by Azure CDN or use your own certificate.

    NOTE: Enabling HTTPS with your own certificate or BYOC option is available only with Azure CDN from Microsoft and Azure CDN from Verizon profiles. This process is done through an integration with Azure Key Vault, which allows you to store your certificates securely. And the certificate must have a complete certificate chain with leaf and intermediate certificates, and root CA must be part of the Microsoft Trusted CA List.

    Once, you enable HTTPS on your Azure CDN custom domain with managed/BYOC certificate and access your custom domain URL, the browser should be able to verify the certificate properly.

    If the above configurations are already done by you on your Azure CDN endpoint, then please share the below details for further discussion:

    • Which Azure CDN product you are using (Azure CDN Standard from Microsoft/ Azure CDN Standard from Akamai/Azure CDN Standard from Verizon/Azure CDN Premium from Verizon)?
    • Are you using your own certificate on Azure CDN to enable the HTTPS feature? If yes, does the certificate have a complete certificate chain with leaf and intermediate certificates and root CA? And is it a part of Microsoft Trusted CA list?

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.