Install an SSL/TLS Certificate in Microsoft Azure App Service/Web Apps

These instructions will show you how to install an SSL/TLS certificate and private key in a Microsoft Azure App Service web app and bind it to a custom domain. If you don't have a certificate yet, please read Ordering and Retrieving SSL/TLS Certificates for full instructions on buying a certificate from SSL.com.

  1. Generate PKCS#12 file.

    Before you upload your certificate and private key to your Azure web app, you'll need to combine them into a password-protected PKCS#12 file (also commonly known as a PFX or P12 file). You can generate this file with either or IIS or OpenSSL:

     Generate a PFX/P12 File for Azure with Windows
    Create a .pfx/.p12 Certificate File Using OpenSSL

  2. Open app in Azure.

    Navigate to your app in the Azure portal.
    Navigate to app

  3. Open TLS/SSL settings.

    Click TLS/SSL settings in the left sidebar menu.
    TLS/SSL settings

  4. Click Private Key Certificates (.pfx).

    Select the Private Key Certificates (.pfx) tab.
    Private Key Certificates (.pfx)

  5. Click Upload Certificate.

    Click Upload Certificate to begin the certificate upload process.
    Upload Certificate

  6. Upload certificate.

    Click the folder icon and navigate to your PKCS#12 file, enter the PKCS#12 file's password, then click the Upload button.
    Upload certificate

  7. Verify successful upload.

    You should see an alert message if your upload is successful, and your certificate will be shown in the Private Key Certificates list.
    Private key certificates

  8. Select Bindings tab.

    Now you can bind the certificate to your custom domain name. Select the Bindings tab.
    Bindings

  9. Click Add TLS/SSL Binding.

    Click Add TLS/SSL Binding to begin the process of binding your certificate to your web app's domain name..
    Add TLS/SSL Binding

  10. Choose custom domain.

    Choose the domain name your certificate will protect from the Custom domain drop-down menu.
    Choose custom domain

  11. Choose certificate.

    Choose the certificate you just uploaded from the Private Certificate Thumbprint drop-down menu.
    Choose certificate

  12. Choose TLS/SSL type.

    Select SNI SSL from the TLS/SSL Type drop-down menu.
    Select TLS/SSL type

  13. Add binding.

    Click the Add Binding button.
    Add Binding

  14. Verify binding.

    You should see an alert message if your binding is successful, and your certificate will be shown in the TLS/SSL Bindings list.
    TLS/SSL Bindings

  15. Update protocol settings.

    Now that your certificate is installed and bound to your domain name, you should make sure that your site is only served via HTTPS and a secure version of SSL/TLS. Under Protocol Settings, set HTTPS Only to On and Minimum TLS Version to 1.2.
    Protocol Settings

  16. Finished!

    Your SSL/TLS certificate is now uploaded and bound to your web app.
    Finished