How to get updated SSL certificates before Azure automaticatlly changes it?

Question

We use default SSL certificates in Azure, so we do not have to do any maintenance for them. We do not use the paid SSL cert service, nor the custom SSL certs.

A consumer of our webapp in Azure App Services caches the Azure SSL certificate. Whenever Microsoft changes that certificate, their connection stops working.

This has already happened twice - Fall of 2019, Fall of 2020. Both times we got zero notification of the change from Microsoft, which resulted in a service disruption.

How can we get an advanced notification of these default certs changing? Would like the date of the change and the cert files.

Salesforce.com, for example, has a "group" where they post such changes months ahead, and provide a zip file with the new certs. Can Microsoft do something like that?

Answer 1

Thanks for asking question! Just to confirm if you are referring to the default wildcard certificate for *.azurewebsites.net, that isn’t a certificate that you can or should rely on for any kind of stability. The service can (and has multiple times) changed the certificate at will for any number of reasons.

For need of certificate stability, as well as access to artifacts like public cer files, do need to purchase their own certificate.

(Please note that doesn’t need to be purchased from us – any valid certificate from a public certificate provider will work).

Hope this helps, If you have further query or issue remains let us know.