Introduction

In the previous post we configured a custom domain for the Azure web app. In this post we will look at the process of procuring a certificate from GoDaddy and configuring SSL for the Azure web app.

Prerequisites

  • Azure web app already configured with a custom domain
  • Basic understanding of DNS records management

Procure Certificate

In the previous post we configured the dotnettek.com domain for an Azure web app. Now it's time to secure the communication with an SSL certificate. In this post we will generate the certificate from GoDaddy (you can use any certificate authority to order a certificate). For our requirement, we will buy the standard SSL certificate (for one domain, in our case dotnettek.com). For the different types of certificates, refer to the GoDaddy SSL certificate page.

Generate Certificate Signing Request (CSR)

Open IIS Manager and open “Server Certificates” as shown in the image below.

image

 

Select “Create Certificate Request” as shown in the image below.

image

Fill in the certificate details in the wizard as shown in the image below.

image

Click Next as highlighted in above image.

image

Choose the cryptographic service provider (CSP) and the bit length for the encryption key as per your requirement (shown above) and click Next.

image

Select the file location and name where you intend to save the CSR, as shown in the image above, and click Finish. The CSR will be generated at the selected path. Open the generated file. It should be in the following format.

 

-----BEGIN NEW CERTIFICATE REQUEST-----
(base64-encoded request data)
-----END NEW CERTIFICATE REQUEST-----

Copy the content of the file.

 

Order certificate with a CSR

Go to the GoDaddy portal and navigate to the section where you can request the certificate.

 

image

Paste the content of the CSR in the certificate request page, accept the terms and conditions and click Request Certificate as shown in the image above.

 

If all the data is in the correct format, the certificate provider will generate the certificate as shown in the image below.

image

 

Click on the domain link (dotnettek.com) as shown in the image above. You will be taken to the manage certificate page.

image

Click on the download option to download the certificate. You will be taken to the download details page.

image

Select IIS from the available options and click Download Zip File.

 

Unzip the content of the downloaded file. It will contain 2 files as shown in the image below.

image

In the next section we will use the first file to install the certificate and later export a pfx from it.

 

Export certificate (pfx)

Navigate to IIS Manager -> Server Certificates and select Complete Certificate Request as shown in the image below.

image 

 

Select the certificate that we downloaded in the previous section.

image

Click OK and the certificate will be installed as shown in the image below.

image

Right-click on the installed certificate and select Export as shown in the image below.

image

Select the file name, location and password, and click OK as shown in the image below.

image

Now we have exported the certificate, together with its private key, to pfx format. Next we will upload the certificate to the Azure web app to configure SSL.

 

Change Azure web app service plan to Basic

In the last post, “How to configure custom domain with Azure web app”, we upgraded the Azure web app from the Free to the Shared App Service plan, as the Free plan doesn’t support custom domains. Now we need to upgrade the App Service plan again, as the Shared plan doesn’t support SSL. Let's try to configure SSL before upgrading (we are on the Shared App Service plan).

 

Navigate to the SSL certificates section of the web app.

image

The message in the image above indicates that SSL bindings are not supported in App Service plans lower than Basic.

Let's upgrade the App Service plan for the dotnettek.com web app from Shared to Basic as shown in the image below.

image

Click Select in the image above and the App Service plan will be upgraded.

 

Upload and install certificate to Azure Web App

After the plan is upgraded, navigate to the SSL certificates section for the web app again.

image

After upgrading the App Service plan we have the option to enable SSL, as shown in the image above. Since we have already procured the certificate and have it in pfx format on the local machine, click on “Upload Certificate” as shown in the image above.

image

Select the pfx certificate file that we exported in the previous section. Enter the password and then click Upload as shown in the image above.

image 

The imported certificate will now show up, as shown in the image above.

 

Now we need to add an SSL binding. Before adding the binding, let's look at the available SSL Type options. There are 2 SSL Type options available, SNI SSL and IP Based SSL, as shown in the image below.

image

The difference between the 2 SSL Types is as follows:

  • SNI based SSL (Server Name Indication) - This option allows multiple SSL certificates to secure multiple domains on the same IP address. Most modern browsers (including Internet Explorer, Chrome, Firefox, and Opera) support SNI.
  • IP based SSL - Only one IP-based SSL binding may be added. This option allows only one SSL certificate to secure a dedicated public IP address. To secure multiple domains, you must secure them all using the same SSL certificate.

We will use the SNI based SSL Type in the following steps to configure the bindings.

 

Click on Add binding under SSL bindings to add the certificate bindings.

image

Select the binding for dotnettek.com, select the certificate and set SSL Type to SNI SSL as shown in the image above. Also add a binding for the hostname www.dotnettek.com, select the certificate, set SSL Type to SNI SSL and click Add binding as shown in the image below.

image

Both bindings will appear in the SSL bindings page as shown in the image below.

image

 

Now we have SSL configured, but the page is still also served over http, as shown in the image below.

image image

 

Now let's add a URL Rewrite rule in the web.config of the app to redirect all http traffic to https. The rule, which goes inside the <system.webServer> section, is shown below:

<rewrite>
  <rules>
    <rule name="Force HTTPS" enabled="true">
      <match url="(.*)" ignoreCase="false" />
      <conditions>
        <add input="{HTTPS}" pattern="off" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

Now all the traffic to dotnettek.com should be redirected to https://dotnettek.com.
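
The rule above, evaluated against constructed requests in a simplified Python model of IIS URL Rewrite (an added example, not code from the original post; the evaluate helper and the sample requests are assumptions). It shows that the redirect keeps the request's host name, which is why both dotnettek.com and www.dotnettek.com need an SSL binding, and that requests already on https pass through, so the rule cannot loop.

```python
import re
import xml.etree.ElementTree as ET

# The rule from the post, embedded so the example runs offline.
REWRITE_XML = """<rewrite>
  <rules>
    <rule name="Force HTTPS" enabled="true">
      <match url="(.*)" ignoreCase="false" />
      <conditions>
        <add input="{HTTPS}" pattern="off" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>"""
STATUS = {"Permanent": 301, "Found": 302, "SeeOther": 303, "Temporary": 307}

def evaluate(scheme, host, path, query=""):
    """Hypothetical helper: (status, location) if the rule redirects, else None."""
    rule = ET.fromstring(REWRITE_XML).find("./rules/rule")
    if rule.get("enabled", "true") != "true":
        return None
    # URL Rewrite matches the path without its leading slash or query string.
    match = rule.find("match")
    flags = 0 if match.get("ignoreCase", "true") == "false" else re.IGNORECASE
    m = re.search(match.get("url"), path.lstrip("/"), flags)
    if m is None:
        return None
    # Server variables as they would be set for this constructed request.
    server_vars = {"{HTTPS}": "on" if scheme == "https" else "off",
                   "{HTTP_HOST}": host}
    for cond in rule.findall("./conditions/add"):
        value = server_vars[cond.get("input")]
        if not re.search(cond.get("pattern"), value, re.IGNORECASE):
            return None  # condition failed, request passes through untouched
    # Expand {R:n} back-references and server variables in one pass.
    def expand(tok):
        return m.group(int(tok.group(2))) if tok.group(2) else server_vars[tok.group(0)]
    action = rule.find("action")
    location = re.sub(r"\{(R:(\d+)|[A-Z_]+)\}", expand, action.get("url"))
    if action.get("appendQueryString", "true") == "true" and query:
        location += "?" + query
    return STATUS[action.get("redirectType", "Permanent")], location

if __name__ == "__main__":
    for req in [("http", "dotnettek.com", "/"),  # constructed sample requests
                ("http", "www.dotnettek.com", "/blog/post", "id=7"),
                ("https", "dotnettek.com", "/blog")]:
        print(req, "->", evaluate(*req))
```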

 

Great, we have successfully configured SSL certificate for the Azure web app in this post.