Configure certificates and TLS for an App Service
App Services can use certificates along with custom domains to help secure and provide trust to the users and services that will access the resource. There are three supported methods of using certificates with an App Service:
- Managed certificates: Managed certificates are included with an App Service and managed by Digicert but have additional restrictions.
- Private key certificates: If you already have your own certificate, you can upload the .pfx private key certificate to be used by the App Service.
- Public key certificates: Upload .cer public certificates to be used by the App Service.
To manage the certificates of an App Service, navigate to the App Service and open the Certificates blade, as shown in Figure 3-77.
FIGURE 3-77 App Service Certificates
Managed certificates
Managed certificates are free certificates available for an App Service and are fully managed by Microsoft, but they’re issued by Digicert. Managed certificates are easy to obtain, but do have some prerequisites and limitations to be aware of. To create a free certificate, the App Service plan that the web app is associated with cannot be in the Free tier.
If you plan to use a custom domain with a managed certificate, the domain must already be added to the App Service. Adding a custom domain to an App Service was discussed earlier in this skill. Additionally, if you plan to use a root domain, the App Service configuration cannot include any IP restrictions. The app must be accessible from the internet to process the creation and renewal of the certificate.
Free certificates also have the following restrictions:
- Cannot use wildcards in the certificate.
- Cannot be used as a client certificate.
- Cannot be used with private DNS.
- Cannot be exported from the App Service.
- Only support alphanumeric characters, dashes, and periods.
- Custom domain names cannot exceed 64 characters.
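The prerequisites and restrictions above can be checked before a managed certificate is requested. The following Python pre-flight check is an added example, not part of the original text or of any Microsoft tooling; the function name, its parameters, and the tier strings are hypothetical, and the sample hostnames are constructed.

```python
import re

MAX_HOSTNAME_LEN = 64                      # "cannot exceed 64 characters"
ALLOWED = re.compile(r"[A-Za-z0-9.-]+")    # alphanumerics, dashes, periods


def managed_cert_blockers(hostname, plan_tier, custom_domains,
                          is_root_domain=False, has_ip_restrictions=False,
                          uses_private_dns=False):
    """Return the reasons (possibly none) a managed certificate request
    for `hostname` would conflict with the restrictions listed above.
    All parameters are hypothetical inputs the caller gathers itself."""
    host = hostname.strip().lower()
    blockers = []
    if plan_tier.strip().lower() == "free":
        blockers.append("App Service plan is in the Free tier")
    if host not in {d.strip().lower() for d in custom_domains}:
        blockers.append("custom domain has not been added to the App Service")
    if "*" in host:
        blockers.append("wildcards are not supported")
    elif not ALLOWED.fullmatch(host):
        # Also catches non-ASCII (IDN) names, spaces and underscores.
        blockers.append("only alphanumerics, dashes and periods are supported")
    if len(host) > MAX_HOSTNAME_LEN:
        blockers.append("domain name exceeds 64 characters")
    if is_root_domain and has_ip_restrictions:
        blockers.append("root domain requires an app with no IP restrictions")
    if uses_private_dns:
        blockers.append("private DNS is not supported")
    return blockers


if __name__ == "__main__":
    # Constructed sample inputs, not real domains.
    added = ["www.contoso.example", "contoso.example", "*.contoso.example"]
    cases = [
        ("www.contoso.example", "Standard", {}),
        ("*.contoso.example", "Standard", {}),
        ("contoso.example", "Basic",
         {"is_root_domain": True, "has_ip_restrictions": True}),
        ("shop.contoso.example", "Free", {}),
    ]
    for host, tier, extra in cases:
        problems = managed_cert_blockers(host, tier, added, **extra)
        print(f"{host:24} {tier:9}", problems or "ok to request")
```

An empty list means none of the listed restrictions apply; it does not replace the Validate step in the portal.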
To add a managed certificate to your App Service, navigate to the Certificates blade of the App Service. On the Managed Certificates tab, shown in Figure 3-77, click Add.
On the Add App Service Managed Certificate blade, select the custom domain you previously added from the Custom Domain drop-down menu. Specify a friendly name for the certificate and then click Validate.
If the App Service passes validation, as shown in Figure 3-78, click Add to generate the certificate and add it to the App Service. This process could take up to 10 minutes to complete.
FIGURE 3-78 Add a managed certificate