server certificates using "App Service Certificates"

Question

server certificates using "App Service Certificates"

畦田信治 0

Does issuing server certificates using "App Service Certificates" comply with the IPA's "TLS Cipher Settings Guidelines"?

https://www.ipa.go.jp/security/crypto/guideline/gmcbt80000005ufv-att/ipa-cryptrec-gl-3001-3.1.0.pdf

Specifically, I would like to confirm whether or not the requirements in "5.2 Server Certificates" on page 49 are met,

but I am unable to find any documentation that clearly states this.

Bhargavi Naragani 5,575 Reputation points Microsoft External Staff Moderator

2025-05-16T04:26:42.8433333+00:00
Hi @畦田信治,

It seems like you're inquiring about the server certificates issued using Azure App Service Certificates comply with the Information-technology Promotion Agency (IPA) of Japan’s TLS Cipher Settings Guidelines, particularly the requirements described in Section 5.2: Server Certificates (page 49) of version 3.1.0 of the guideline: https://www.ipa.go.jp/security/crypto/guideline/gmcbt80000005ufv-att/ipa-cryptrec-gl-3001-3.1.0.pdf

Yes, App Service Certificates are compliant with the IPA’s "TLS Cipher Settings Guidelines", including Section 5.2 on server certificate requirements, as long as TLS 1.2 or later is enforced and the appropriate cipher settings are applied (which are available and configurable in Azure).

Azure App Service, including its App Service Certificates feature, meets the core requirements of IPA’s TLS guidelines, as outlined below:

TLS Protocol Support Azure App Service supports:

TLS 1.2 (enabled by default)

TLS 1.3 (supported for incoming client requests) Overview of TLS/SSL in Azure App Service

App Service uses strong modern cipher suites by default, including: For TLS 1.3:

TLS_AES_256_GCM_SHA384

TLS_AES_128_GCM_SHA256

For TLS 1.2:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

These match the IPA-recommended cipher sets. FAQ on App Service Cipher Suites

Certificates issued through App Service Certificates use RSA 2048-bit keys (minimum), SHA-256 or stronger for digital signatures. This complies with IPA’s requirements for key strength and secure hash algorithms.

If further control is required, you can Disable weaker cipher suites (available on Premium plans and above), Set a minimum TLS version in the App Service configuration. You can configure these settings in the Azure Portal under your App Service > TLS/SSL settings.

Hope this helps, if you have any further concerns or queries, please feel free to reach out to us.
Laxman Reddy Revuri 5,405 Reputation points Microsoft External Staff Moderator

2025-05-16T11:47:27.01+00:00

Hi @畦田信治,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Siva Nair 2,420 Reputation points Microsoft External Staff Moderator

2025-05-16T20:53:49.1233333+00:00

Hi @畦田信治,

Just checking back to see if the above response was helpful or you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Gaurav Kumar 780 Reputation points Microsoft External Staff Moderator

2025-05-20T02:11:09.1933333+00:00

Hi @畦田信治,

Following up to check if the issue is resolved or if you need any further assistance. Let me know how it's going!
Sampath 3,750 Reputation points Microsoft External Staff Moderator

2025-05-20T02:19:22.62+00:00

Hi @畦田信治,
Azure App Service Certificates provide various options for securing applications, including free managed certificates and private certificates. While Azure App Service follows industry standards for TLS security, including recommendations for cipher suites,

FAQ on App Service cipher suites

Refer this doc for What is TLS/SSL in Azure App Service
Gaurav Kumar 780 Reputation points Microsoft External Staff Moderator

2025-05-23T04:18:05.7633333+00:00

Hi @畦田信治,

We haven’t received any response from you yet. If you're still facing any issues, please feel free to click on the comment section and let us know. We’re happy to assist you!

2 answers

Your answer

Laxman Reddy Revuri 5,405 Reputation points Microsoft External Staff Moderator

2025-05-16T11:47:27.01+00:00

Hi @畦田信治,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Siva Nair 2,420 Reputation points Microsoft External Staff Moderator

2025-05-16T20:53:49.1233333+00:00

Hi @畦田信治,

Just checking back to see if the above response was helpful or you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Gaurav Kumar 780 Reputation points Microsoft External Staff Moderator

2025-05-20T02:11:09.1933333+00:00

Hi @畦田信治,

Following up to check if the issue is resolved or if you need any further assistance. Let me know how it's going!
Sampath 3,750 Reputation points Microsoft External Staff Moderator

2025-05-20T02:19:22.62+00:00

Hi @畦田信治,
Azure App Service Certificates provide various options for securing applications, including free managed certificates and private certificates. While Azure App Service follows industry standards for TLS security, including recommendations for cipher suites,

FAQ on App Service cipher suites

Refer this doc for What is TLS/SSL in Azure App Service
Gaurav Kumar 780 Reputation points Microsoft External Staff Moderator

2025-05-23T04:18:05.7633333+00:00

Hi @畦田信治,

We haven’t received any response from you yet. If you're still facing any issues, please feel free to click on the comment section and let us know. We’re happy to assist you!

Answer 1

Shinji Aota-sama,畦田信治

Q&A portaru nite "App Service Certificates" o shiyō shita sābā shōmeisho ni kansuru goshitsumon o tōkō itadaki, makoto ni arigatō gozaimasu. IPA no "TLS angō settei gaidorain" e no junkyo ni tsuite otazune itadaita ken, kanō na kagiri wakariyasuku go-setsumei sasete itadakimasu.

Azure App Service Certificates wa, shinrai sareta nintei kikan (deforuto de wa DigiCert) ni yotte hakko sare, gendai-teki na angōka hyōjun o sapōto shite orimasu. Microsoft ga chiiki-goto no gaidorain e no junkyo o meijiteki ni kijō shite inai wake de wa arimasen ga, hon-sābisu de seisei sareru shōmeisho wa ippan-teki ni TLS ni okeru gyōkai no besuto purakutisu ni sotte imasu. Tatoeba, RSA 2048-bitto ijō no kagi-chō ya SHA-256 hasshu o sapōto shite ori, sekuritē yōken no ōku o mitashite imasu. Shōsai wa Microsoft kōsho dokyumento "Azure App Service deno TLS/SSL binding o shiyō shita kasutamu DNS-mei no hogo" o go-sanshō kudasai.

IPA gaidorain no "5.2 Sābā shōmeisho" (yūkō kikan ya kagi shiyō-hō nado) ni kan shite wa, App Service Certificates mo dōyō no kijun o oyoso mitashite imasu. Tadashi, Microsoft ga gaibu kikaku to no chokusetsu-teki na taiō-hyō o kōkai shite inai tame, ichibu no kōmoku wa go-jishin de no kakunin ga hitsuyō to naru kanōsei ga gozaimasu. Tatoeba, shōmeisho no deforuto yūkō kikan wa 1-nenkan de ari, kore wa ōku no sekuritē furemuwāku de saiyō sarete iru kikan de gozaimasu. Azure deno shōmeisho kanri no shōsai wa "Azure App Service deno TLS shōmeisho no kanri" o goran kudasai.

Moshi tsuika de go-fumei na ten ga gozaimashitara, enryo naku o-shirase kudasai. TLS ya shōmeisho kanri wa shoshinsha no kata ni wa fukuzatsu ni kanjirareru kamo shiremasen node, kanō na kagiri sapōto sasete itadakimasu.

Keigu,
Alex
P.S. If my answer help to you, please Accept my answer
PPS That is my Answer and not a Comment
https://ctrlaltdel.blog/

Answer 2

Hi @畦田信治,

Azure App Service Certificates are issued by trusted certificate authorities, such as DigiCert, and support modern encryption standards. While Microsoft doesn't directly publish region-specific compliance with IPA guidelines, the certificates issued by App Service generally follow industry best practices. These include:

RSA keys of 2048 bits or greater
SHA-256 hashing

As for the IPA guidelines, specifically Section "5.2 Server Certificates" (covering validity periods, key usage, etc.), Azure App Service Certificates meet most of these requirements. However, Microsoft doesn’t provide a direct mapping to external specifications, so some items may require internal verification. For example, the default validity period for certificates in Azure is one year, which is common across many security frameworks.

Additionally, Azure App Service Certificates comply with core requirements of the IPA's TLS Cipher Settings Guidelines. Specifically:

TLS Protocol Support: Azure App Service supports TLS 1.2 (enabled by default) and TLS 1.3 for incoming client requests.
Cipher Suites: App Service uses strong cipher suites for both TLS 1.2 and 1.3, including:
- For TLS 1.3: TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256
- For TLS 1.2: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and others, all of which match the IPA-recommended cipher sets.
Key Strength and Hash Algorithm: Certificates use RSA 2048-bit keys (minimum) and SHA-256 or stronger for digital signatures, meeting the IPA’s key strength and hash requirements.
Control Over Cipher Suites: You can manage cipher suites and set a minimum TLS version in the Azure App Service configuration to meet any additional security needs.

For more details on managing certificates in Azure, Please refer the following Microsoft documentation: Managing TLS certificates in Azure App Service, Cipher Suites on Azure App Services, FAQ on App Service cipher suites.

Hope it helps!

Please do not forget to click "Accept the answer” and Yes wherever the information provided helps you, this can be beneficial to other community members.

If you have any other questions or still running into more issues, let me know in the "comments" and I would be happy to help you.

Gaurav Kumar 780 Reputation points Microsoft External Staff Moderator

2025-05-22T00:54:18.33+00:00

Hi @畦田信治,

We haven't heard any response from you and if you are still facing any issues, please click on comment. If the answer was helpful, please click on Accept answer and upvote it.

Share via

server certificates using "App Service Certificates"

2 answers

Your answer