Azure Websites provide SSL support for every site by default. If your website is named contoso-web, you can open a browser and access it using http or https, as shown here:
" contoso-web.azurewebsites.net "
However, the azurewebsites.net domain is a shared domain and therefore the wildcard certificate providing SSL is also shared, making it less secure than if you had a custom domain and your own SSL certificate for the custom domain. You also probably wouldn't want to use the shared domain for a public-facing site. Still, it's good to know this support is there for cases where the shared domain is acceptable.The majority of sites will have a custom domain and therefore will need to configure SSL with this in mind. The site must also be in Standard mode to support this configuration. Configuring SSL for an Azure website with a custom domain requires the following steps:
1. Obtain an SSL certiicate.
2. Upload the SSL certiicate to Azure.
3. Conigure the SSL bindings.
Note ::To conigure SSL for an Azure website with a custom domain, the website must be configured for Standard mode.
Obtaining an SSL certiicate
A certiicate authority must sign your SSL certificate, and the certiicate must adhere to the following requirements:
-The certiicate contains a private key.
-The certiicate must be created for key exchange that can be exported to a Personal Information Exchange (.pfx) file.
-The certiicate's subject name must match the custom domain. If you have multiple custom domains for your website, the certiicate will need to be either a wildcard certiicate or have a subject alternative name (SAN).
-The certiicate should use 2048-bit (or higher) encryption.
Uploading the SSL certiicate to Azure
After the SSL certiicate is obtained, you can upload it to Azure using the management portal by clicking the Domains and SSL part in the Website blade for your site as shown in figure. This opens the SSL Settings blade for your site where you can upload the certiicate.
The Configuration section of the Website blade showing the Domains and SSL part Configuring the SSL bindings.After the SSL certiicate has been uploaded to your Azure Website, the last step in the process is to conigure the SSL bindings. Azure Websites supports Server Name Indication (SNI) SSL and the traditional IP-based SSL.
You can conigure the SSL bindings in the management portal in the SSL Settings blade referenced earlier in Figure. For each binding you must specify the following:
-The custom domain name.
-The SSL certiicate to use for the custom domain.
-Select either SNI SSL or IP-based SSL.
Note :
If you choose IP-based SSL for your SSL binding and your custom domain is conigured using an A record, Azure will assign a new dedicated IP address to your website. This is a different IP address than what you previously used to conigure the A record. Therefore,you must update the A record with your DNS registrar using the new virtual IP address. The virtual IP address can be found in the management portal by clicking the Properties part of the Website blade.
" contoso-web.azurewebsites.net "
However, the azurewebsites.net domain is a shared domain and therefore the wildcard certificate providing SSL is also shared, making it less secure than if you had a custom domain and your own SSL certificate for the custom domain. You also probably wouldn't want to use the shared domain for a public-facing site. Still, it's good to know this support is there for cases where the shared domain is acceptable.The majority of sites will have a custom domain and therefore will need to configure SSL with this in mind. The site must also be in Standard mode to support this configuration. Configuring SSL for an Azure website with a custom domain requires the following steps:
1. Obtain an SSL certiicate.
2. Upload the SSL certiicate to Azure.
3. Conigure the SSL bindings.
Note ::To conigure SSL for an Azure website with a custom domain, the website must be configured for Standard mode.
Obtaining an SSL certiicate
A certiicate authority must sign your SSL certificate, and the certiicate must adhere to the following requirements:
-The certiicate contains a private key.
-The certiicate must be created for key exchange that can be exported to a Personal Information Exchange (.pfx) file.
-The certiicate's subject name must match the custom domain. If you have multiple custom domains for your website, the certiicate will need to be either a wildcard certiicate or have a subject alternative name (SAN).
-The certiicate should use 2048-bit (or higher) encryption.
Uploading the SSL certiicate to Azure
After the SSL certiicate is obtained, you can upload it to Azure using the management portal by clicking the Domains and SSL part in the Website blade for your site as shown in figure. This opens the SSL Settings blade for your site where you can upload the certiicate.
The Configuration section of the Website blade showing the Domains and SSL part Configuring the SSL bindings.After the SSL certiicate has been uploaded to your Azure Website, the last step in the process is to conigure the SSL bindings. Azure Websites supports Server Name Indication (SNI) SSL and the traditional IP-based SSL.
You can conigure the SSL bindings in the management portal in the SSL Settings blade referenced earlier in Figure. For each binding you must specify the following:
-The custom domain name.
-The SSL certiicate to use for the custom domain.
-Select either SNI SSL or IP-based SSL.
Note :
If you choose IP-based SSL for your SSL binding and your custom domain is conigured using an A record, Azure will assign a new dedicated IP address to your website. This is a different IP address than what you previously used to conigure the A record. Therefore,you must update the A record with your DNS registrar using the new virtual IP address. The virtual IP address can be found in the management portal by clicking the Properties part of the Website blade.
