Add custom domain and custom certificate with Front Door

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Bicep Version

Deploy To Azure


This template creates a Front Door configuration with a single backend, onboards a custom domain, and then secures the custom domain with a customer-managed certificate.

Parameters for this template are:

  • frontDoorName - Name of the Front Door (for example, contoso).
  • customDomainName - Host name of the custom domain (for example, or
  • certificateKeyVaultResourceId - The fully qualified resource ID of the Key Vault that contains the custom domain's certificate.
  • certificateKeyVaultSecretName - The name of the Key Vault secret that contains the custom domain's certificate.
  • certificateKeyVaultSecretVersion - The version of the Key Vault secret that contains the custom domain's certificate.
  • backendAddress - Host name of the backend (for example,

For the deployment of this template to succeed the specified custom domain will require a CNAME to the Front Door's default frontend host (for example,

For example, for a Front Door instance named contoso, the default frontend host name would be To add the custom domain, create a DNS CNAME entry for to For more details, see Tutorial: Add a custom domain to your Front Door.

You also need to configure your Key Vault instance to work with Front Door. See Prepare your Azure Key vault account and certificate.

Tags: Microsoft.Network/frontDoors, Microsoft.Network/frontdoors/frontendEndpoints/customHttpsConfiguration