Multiple Domain Name to the same Cloud Service and SSL Certificates

So most probably you got the following error while browsing a cloud service hosted in Windows Azure.

There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept data you send to the server.
We recommend that you close this webpage and do not continue to this Web site.

One website ( WebRole in case of Azure) can be associated with one certificate only and this is by design. This is not an Azure PAAS WebRole but an IIS limitation till now.

In case you have the following scenario where multiple DNS (CNAME) names need to be mapped to the same cloud service or hosted service.

a) =>

b)  =>

While this is not a problem without a certificate, with an SSL certificate you might get a security warning and the reason is as below.

The certificate is used by the WebSite to let the client know that is can be trusted. In the current case you may have two certificates on the Windows Azure Management Portal but only one can be associated with the WebRole and that is by design as in IIS only one certificate can be associated with one WebSite.

a) The certificate that the WebRole may be using currently was say issued for . So the certificate metadata has this information on the Server Side.

b) When we use  we ultimately land up with

c) The WebSite sends the client certificate to the browser and it will get flagged as below.



d) If you hit Continue to this website it will take you to the actual site without any issues.

e) Now let’s look at the Certificate. The Issued to part has but you are browsing to a site


f) The WebBrowser correctly flags it off saying “Hey! You browsed for but the certificate returned was for . Something is fishy!!!”

g) To overcome this you can use the Subject Alternative Name and get the name added to it. This needs to be done by the certificate vendor from you will get your SSL certificate.

A live example can be found if you browse to the site and look for the property of the certificate.



So now the browser will look though the list of alternate names and if it matches the one being browsed it will not flag it.

In case you want to use multiple DNS names then the secondary names have to be added to the Subject Alternative Number of the Certificate.  This single certificate needs to be uploaded to the portal and the thumbprint provided to the cloud service.  The site can be now browsed without any SSL warnings using either if the names  or or any other alternate DNS name.

 Angshuman Nayak, Cloud Integration Engineer

Comments (2)

  1. Hardik Pithadiya says:

    If I have multiple certificates for the multiple domains then what should be done ? How can I bind them in Azure? I have only single application(Single Web Role) and using the CNAME I am pointing the multiple domains to the single webrole. So how can I handle this ?

    Thanks in advance.

Skip to main content