Windows Azure using CNAME DNS records for multiple sites and SSL

In the past 3 weeks I seem to have had to answer this question more than any other. I’m not sure why the past few weeks should have had to have this one popping up so much but there you have it.

I thought I’d create a little “whiteboard video” to describe the process, what entries you have to make where in the service model and what modifications you have to make to your DNS if you want say the default site to be a little more like

Also, if you have multiple sites hosted on your web role, how do you use host header support to give each site a more meaningful name. So that you type: or

rather than the rather ugly: or

Also, how do you set up SSL bindings to these sites so they bind to the correct address in Windows Azure…

Here’s the video:

Hope it works for you.


Planky – GBR-257

Comments (4)

  1. Jaco says:

    I don't see how it is possible that IIS in Azure can read the host-header when https is used. Only the webapp can decode https to http but before it enters the webapp the host header must be used to determine which webapp in the webrole. How can this work?

  2. James says:

    Hi Jaco – the load balancer supports SSL termination & your certificate is loaded onto it when it's uploaded through the management tools. Then with some NAT when the webrole is created multiple SSL certificates can be used.

  3. Rom says:


    I have a webapp (coded in php) running on Azure on something like

    I've redirected one subdomain of my main site (hosted somewhere else) to this azure webapp (ex: ->

    Question:  Using a wildcard SSL certificate on my main site (* will secure the webapp on Azure?

    Thanks for this post.

  4. Lars says:

    Rom  – yes you can use * on Azure without any problems