question

Ryan-1711 avatar image
0 Votes"
Ryan-1711 asked SnehaAgrawal-MSFT commented

TLS/SSL - No Option to Create App Service Manged Certificate

201936-capture2.pngI have a WebApp provisioned, deployed, and live on Azure Government. I have added my custom domain, and would like to bind an SSL certificate to prevent warnings when navigated to. Under TLS/SSL Settings I have no option to "Create App Service Managed Certificate." The only options I see under TLS/SSL Settings -> Private Key Certificates (.pfx) are "Import Key Vault Certificate" and "Upload Certificate." My WebApp is provisioned in the S1 Tier, and I have also tried changing the app service plan between higher and lower tiers to see if it would work but nothing will show this option. How can I go about resolving this so I can create an app service managed certificate and bind it to my custom domain?

Thank you in advance any help!


azure-webappsazure-webapps-ssl-certificatesazure-webapps-custom-domains
capture2.png (151.0 KiB)
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @Ryan-1711

Thank you for posting your concern.

I understand that you are having a hard time to get this done as you intent for this scenario.

Now I believe you are referring to this section below:

202031-image.png



So, this is not what you are looking for as per your comment.... I wonder what type of SSL/TLS certificate is the one you need to import!

Is this a Self-signed or Trusted CA certificate and so on?

Regards,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 Votes 0 ·
image.png (133.0 KiB)
Ryan-1711 avatar image Ryan-1711 ricardosolisvillegas-4678 ·

That is the section I am referring to, but my screen does not show the option "Create App Service Managed Certificate." I've attached an Image of what my UI shows:

202041-capture2.png


0 Votes 0 ·
capture2.png (151.0 KiB)

The normal procedure to get this customer domain as well as your own TLS certificate is the following:

1-Import Private Keys(Choose the settings needed like (HTTPS only and version required)
2-Upload certificate and you browse on your PC where your certificate file is saved(PFX format).
3-Then, you should see it under Private key section:
202004-image.png



4-Then, click on Bindings selection and after this step, there you get an option SSL/TLS bindings
5-Once there you shall choose Customer Domain as well as choose certificate and TLS/SSL type.
6-Finally, Add binding

Those are the points to follow to get this certificate provision on your app.

Note: Just double check that you are not blocking the PIP on any NSG(Just in case)

Regards,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



0 Votes 0 ·
image.png (16.6 KiB)

1 Answer

SnehaAgrawal-MSFT avatar image
1 Vote"
SnehaAgrawal-MSFT answered SnehaAgrawal-MSFT commented

@Ryan-1711 Thanks for reaching here! If I have understood right you are are live on Azure Government, and you are not able to see create App Service Managed certificate and App Service certificate options even while using Standard tier. If so, as mentioned in the Compare Azure Government and global Azure

202285-azure-government-microsoft-docs.png

Please let us know if further query or issue remains.



· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Understood, this is the answer I was anticipating. Thank you.

0 Votes 0 ·

@SnehaAgrawal-MSFT

Does this mean I cannot use a custom domain on Microsoft Azure Government at all? I'm not even getting the option to buy a certificate at all... I would just like to make my webapp navigable to with a custom domain that is secured.




0 Votes 0 ·

Thanks for reply, As per above mentioned document: for managed offering where you can buy a cert or domain through Azure its not supported in any National Cloud.

But you can bind a domain or upload a certificate you purchase from any other registrar.

Once you obtain a certificate from your certificate provider, follow the steps in below document link to make it ready for App Service.

: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal#upload-a-private-certificate

Let us know if further query on this.



0 Votes 0 ·