Here is some good information about the App Service Certificates. Like custom domain names, you can also purchase SSL certificates from within the Azure portal here. I was working with a customer who was having some problems with the configuration and decided to walk through the configuration myself, and like always, will document and share it. I will assume that you have already done the following.
- Purchase the App Service Certificate
- Step 1: Store / Create the Key Vault for the App Service Certificate
- Step 2: Verify the App Service Certificate
- The custom domain is already bound to the Azure App Service, discussed here and here
As shown in Figure 1, I will discuss the configuration from this point onwards.
Figure 1, configure an App Service Certificate, bind it to an Azure App Service
NOTE: It used to be that the certificate cannot be used across different subscriptions and you needed to be sure to create the certificate in the subscription where the custom domain and the App Service are created. Otherwise you will not have been able to bind the certificate to an App Service in another subscription. You can log a case with support to get it moved. You can export this certificate as described here.
This remaining steps covered in this post are:
- Navigate to the Azure App Service
- Import the App Service Certificate
- Bind it to the Azure App Service
Once you are in the Azure portal, open the SSL certificates blade, as shown in Figure 2. Notice that the App Service Certificate is not there, you need to import it first which is discussed later. What is show is the existing SSL certificates which have already been uploaded or imported to that App Service Plan (ASP), discussed here. As you know, an ASP is a VM which is running your App Service, there can be many App Services running in the same ASP. So, if you have many custom domains and have many SSL certificate for them, then you will see them all here.
Figure 2, import an App Service Certificate, bind it to an Azure App Service
If you were uploading an SSL certificate you already own or a test SSL certificate which I discuss here, then you would click on the Upload Certificate link. However, as you are trying to install and configure an App Service Certificate, click on the Import App Service Certificate link instead. Clicking on that link open the blade called App Service Certificate Picker, as shown in Figure 3. Click on the App Service Certificate that you want to import to the App Service. If clicking it once does not seem to work, try double-clicking it. Regardless, the clicking of the certificate will result in that blade closing and it being imported into the App Service.
Figure 3, select an App Service Certificate, bind it to an Azure App Service
As shown in Figure 4, you will see the new SSL Certificate imported for binding to an Azure App Service.
Figure 4, bind an App Service Certificate to an Azure App Service
Once you see the SSL certificate in the list of available certificates, select the Add binding link. As shown in Figure 5, select the custom domain which you have already configured using either of these methods, here, here or here. Then select the App Service Certificate you just imported from Figure 3.
Figure 5, bind an App Service Certificate to an Azure App Service
Select the Add binding button and you will then see the SSL binding in the portal, similar to that shown in Figure 6.
Figure 6, bind an App Service Certificate to an Azure App Service
The only tricky part was from the App Service Certificate Picker blade, seemed I needed to double-click the certificate. Nonetheless, it works and all is good. Later.