top of page
Writer's picturemicah jardine

Free SSL Certificate with App Managed Certificates

You can now protect your custom DNS name with a free SSL Certificate from Microsoft.

Microsoft announced that Azure App Services (Web Apps) are now entitled to a free SSL Certificate provided by Microsoft. Your App Service Plan needs to be a B1 or larger (Free and Shared tiers do not support SSL).


The free App Service Managed Certificate is a turn-key solution for securing your custom DNS name in App Service. It's a fully functional SSL certificate that's managed by App Service and renewed automatically. The free certificate comes with the following limitations:


  • Does not support wildcard certificates.

  • Does not support naked domains.

  • Is not exportable.

  • Does not support DNS A-records.


The free certificate is issued by DigiCert. For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.


Create a Website with a Certificate

Deploy and App Service

Firstly deploy an App Service Plan, and an App Service, and then browse to the Web App in the portal.


Copy the App Service URL to your clipboard




Configure DNS

Next, add a CNAME record to your DNS provider, and paste the URL as the destination CNAME, you will need to remove the https:// prefix. In my example, I created the CNAME record freessl.micahjardine.com.





Confirm the Domain in the App Service

Go back to your App Service and select on Custom Domains, enter your custom domain and click validate, if DNS has replicated your domain will be confirmed.





Create your free certificate

Go to TLS/SSL Settings, check the Private Key Certificates Tab, and click on Create App Service Managed Certificate





Once the certificate is created you will be able to see it under the Private Key Certificates




Add SSL Binding

Back in Custom Domains, add the SSL Binding to your website and select the certificate you just created. Don't forget to press Validate





If you browse back to the Overview you can now see the URL for your web app, click on the URL to browse to your website.





SSL Verification

Your website will now be protected by SSL with valid public certificate, which is completely managed by the app service!





Links

74 views0 comments

Recent Posts

See All

Simple RBAC Model for Azure & DevOps

Azure RBAC models in Enterprises do not need not be complex. Microsoft recommends having fewer subscriptions and creating granular permissio

©2020 by Micah Jardine - Azure Cloud Blog. Proudly created with Wix.com

bottom of page