Need to remove .azurewebsites.net cert from my App Service custom domain

Michael Dunkel 0 Reputation points
2024-05-01T16:49:00.6666667+00:00

I have an App Service servicing an API for a device with older, finicky SSL requirements. It can't accept multiple SSL certs on a domain and recognize the appropriate one to use, the domain has to only have the single cert it expects.

In addition to the default *.azurewebsites.net domain we have created two custom domains. Each of them has a cert assigned to them with the SNI SSL binding type. The issue is that while each custom domain has the appropriate bound cert, according to the devices (and to SSL Labs server test) both of the custom domains are also returning the *.azurewebsites.net ssl cert as well.

Originally we only had a single custom domain, and the cert was attached with an IP binding rather than SNI, and that kept the default cert from being passed on. However when we created the second custom domain the IP-based binding from the first domain was returned to the second domain. In order to ensure that each cert stayed in it's own domain we had to bind them as SNI SSL, but that leads to the default cert coming through as well.

Is there a way to restrict this default cert from the custom domains using App Service configuration? I would prefer not to create additional App Service Domain resources to wrap my App Service.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,985 questions
{count} votes