Bind a custom TLS/SSL certificate to a web app using PowerShell
This sample script creates a web app in App Service with its related resources, then binds the TLS/SSL certificate of a custom domain name to it.
If needed, install the Azure PowerShell using the instruction found in the Azure PowerShell guide, and then run Connect-AzAccount to create a connection with Azure. Also, ensure that:
- A connection with Azure has been created using the
az logincommand. - You have access to your domain registrar's DNS configuration page.
- You have a valid .PFX file and its password for the TLS/SSL certificate you want to upload and bind.
Sample script
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
$fqdn="<Replace with your custom domain name>"
$pfxPath="<Replace with path to your .PFX file>"
$pfxPassword="<Replace with your .PFX password>"
$webappname="mywebapp$(Get-Random)"
$location="West Europe"
# Create a resource group.
New-AzResourceGroup -Name $webappname -Location $location
# Create an App Service plan in Free tier.
New-AzAppServicePlan -Name $webappname -Location $location `
-ResourceGroupName $webappname -Tier Free
# Create a web app.
$webapp = New-AzWebApp -Name $webappname -Location $location -AppServicePlan $webappname `
-ResourceGroupName $webappname
Write-Host "Sign in to your domain provider's website and configure the following records:"
Write-Host "A CNAME record that maps $fqdn to $webappname.azurewebsites.net"
Write-Host "A TXT record that maps asuid.$fqdn to the domain verification ID $($webapp.CustomDomainVerificationId)"
Read-Host "Press [Enter] key when ready ..."
# Before continuing, go to your DNS configuration UI for your custom domain and follow the
# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for the
# hostname "www" and point it your web app's default domain name.
# Upgrade App Service plan to Basic tier (minimum required by custom SSL certificates)
Set-AzAppServicePlan -Name $webappname -ResourceGroupName $webappname `
-Tier Basic
# Add a custom domain name to the web app.
Set-AzWebApp -Name $webappname -ResourceGroupName $webappname `
-HostNames @($fqdn,"$webappname.azurewebsites.net")
# Upload and bind the SSL certificate to the web app.
New-AzWebAppSSLBinding -WebAppName $webappname -ResourceGroupName $webappname -Name $fqdn `
-CertificateFilePath $pfxPath -CertificatePassword $pfxPassword -SslState SniEnabled
Clean up deployment
After the script sample has been run, the following command can be used to remove the resource group, web app, and all related resources.
Remove-AzResourceGroup -Name myResourceGroup -Force
Script explanation
This script uses the following commands. Each command in the table links to command specific documentation.
| Command | Notes |
|---|---|
| New-AzResourceGroup | Creates a resource group in which all resources are stored. |
| New-AzAppServicePlan | Creates an App Service plan. |
| New-AzWebApp | Creates a web app. |
| Set-AzAppServicePlan | Modifies an App Service plan to change its pricing tier. |
| Set-AzWebApp | Modifies a web app's configuration. |
| New-AzWebAppSSLBinding | Creates a TLS/SSL certificate binding for a web app. |
Next steps
For more information on the Azure PowerShell module, see Azure PowerShell documentation.
Additional Azure Powershell samples for Azure App Service Web Apps can be found in the Azure PowerShell samples.