Share via

Azure App Service - Custom Domain and SSL Binding

Anirudh Srinivas 0 Reputation points
2024-07-24T12:22:58.7433333+00:00

Hello,

We have an Azure Web App Service, where we create custom domains. I was recently given access to the "Contributor" role for this web app. I am able to create and verify custom domains successfully. However, the SSL binding is failing due to an error stating that I am not authorized to do this.

User's image

I have tried the following steps, but found no luck:

  1. Refreshed my credentials by logging out and log in back in, tried it in a different browser
  2. Checked with the Azure Admin and confirmed I have the Contributor role access
  3. The Contributor role does have the Certificate Write permission
    User's image
  4. I am using the below setting while binding the SSL.
    User's image

Any help related to this issue would be greatly appreciated. Thanks in advance.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bryan Trach 17,837 Reputation points Microsoft Employee Moderator
    2024-12-19T06:27:51.6333333+00:00

    @Anirudh Srinivas Changes to the SSL certificates of a site are viewed as a high impact and thus the only default role that is allowed to make changes is the owner role.

    Can you please go back to the web app owner and see if they will create a custom role for you that contain the following custom attributes for you to make changes to the SSL certificate(s) of the Azure Web App?

    • Microsoft.Web/certificates/write
    • Microsoft.Web/certificates/delete
    • Microsoft.Web/sites/config/sslcertificates/write
    • Microsoft.Web/sites/config/sslcertificates/delete
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.