This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 34%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
We have a vendor that hosts the Web App Intelledoc's for us. Recent changes from Google have been causing the site to get flagged as "unsafe" - "Warning Deceptive Site ahead".
https://security.googleblog.com/2019/06/new-chrome-protections-from-deception.html
The vendor has asked us to provide them a PFX certificate for subdomains to essentially: "have these sites validated by the customer by incorporating them into the customers internet domain. "
However, I have a great many reservations about doing this, as I've been told to NEVER give a 3rd party a PFX cert.
I know you can use PFX certs with Azure Web Apps, but that's presuming you're using them in your environment, not giving them to someone else's azure environment.
1: Am I correct in being resistant to this suggestion?
2: If there another way to accomplish the same objective without giving them a PFX cert?
Apologies, but I just don't deal with certificates very often. Perhaps once every year or two??
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Thanks for asking question! If I understood right it sounds like your vendor is asking for an SSL certificate for the vendor’s application, but the domain on the vendor’s application is actually a sub-domain from your DNS zone.
Ultimately its up to you as to whether or not you trust your vendor. Assuming so, It does sound like the only work around is for you is to provide your vendor with a TLS certificate for the sub-domain being used by the vendor app on your behalf.
I don't have an issue provided them a certificate, but a PFX?? Indeed, it's a 'do we trust the vendor' and my answer would always be: Maybe yes, maybe no. How could you even be certain?
Consider how many big named companies have had security breaches over the past few year. So, I'd error on the side of caution.
Is a PFX a normal requirement for an Azure hosted web app?
Sorry - SnehaAgrawal - I meant to say: THANK YOU, for responding. I appreciate any insight into this situation.
Thanks for reply! If your app has no certificate for the selected custom domain, then you have following lists of options for adding certificates in Azure App Service.
Reference: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate