question

JeffEast-3179 avatar image
0 Votes"
JeffEast-3179 asked JeffEast-3179 commented

Confusion over Azure TLS/SSL Settings, F1 App Service Plan and SSL Certificates

I have succeeded in confusing myself beyond all expectations.

I have a simple Web Service which has existed for several years. Access to it has been through http, however I wanted to switch to https.

Trying to find the documentation describing how to do this simple transformation has been "trying".

It appears to be as simple as clicking the "HTTPS Only" radio button in the portal's TLS/SSL Settings page. In this case, it appears to use a general certificate that covers all *.azurewebsites.net URLs. (It'd be nice if this were clearly documented).

It also appears as if you can't use a 3rd-party certificate, issued to your explicit domain name, in the F1 pricing tier (free tier). It looks like you have to pick at minimum, the B1 plan (at $54/mo) if you want to provide your own certificate (which I think would be absolutely irresponsible, except Microsoft allows the use of its *.azurewebsites.net certificate).

It's taken me an absurdly amount of effort to figure all this out.

Have I got it right, or is there something vital I've missed?

thanks!
Jeff

azure-webapps-ssl-certificatesazure-webapps-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered JeffEast-3179 commented

Thanks for asking question! If I am understanding right you have custom domain and you want to secure it which means access your App Service app at the https:// endpoint.

So to elaborate Custom SSL is not supported in the F1 or D1 tier and you need to Scale up your App Service plan.

Coming to how to Secure a custom domain: You need to follow below steps.

  1. Go to Azure portal > select your App Services.

  2. From the left navigation of your app select TLS/SSL settings > Add TLS/SSL binding

  3. In Custom Domain, select the custom domain you want to add a binding for.

  4. If your app already has a certificate for the selected custom domain, go to Create binding directly. Otherwise you need to Add a
    certificate for custom domain.

  5. If your app has no certificate for the selected custom domain, then you have below options:
    Upload PFX Certificate - Follow the workflow at Upload a private certificate, then select this option here.
    Import App Service Certificate - Follow the workflow at Import an App Service certificate, then select this option here.
    You can also **Create a free certificate (Preview)**

  6. After that you have to Create binding (Check this table to help you configure the TLS binding) in the TLS/SSL Binding dialog >
    then click Add Binding.

  7. Once the operation is complete, the custom domain's TLS/SSL state is changed to Secure.

Clarifying HTTPS Only Feature:

Further you may want to know that after completing above By default, anyone can still access your app using HTTP but if you want you can redirect all HTTP requests to the HTTPS port by using HTTPS Only, select On feature.

For more details suggest you to refer this official document : https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings


Hope this simplifies you. Let me know if you have further query on this.







· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the explicit how-to guide.

Jeff

0 Votes 0 ·