This tutorial will explain to you how to install an SSL Certificate on Microsoft Azure for web apps. You will also learn how to generate a CSR (Certificate Signing Request) for Azure. The later parts of this guide include a small overview of the Azure history and useful tips on where to buy an SSL certificate for your web app.

How to generate a CSR Code for Microsoft Azure?

Unlike other server platforms, Azure doesn’t allow you to generate a CSR directly from its interface. Since it’s a cloud computing service, you can only upload the SSL Certificate from the Azure console.

To create the CSR, you must use the IIS (Internet Information Services) manager on your local Windows machine. You also need to install your certificate on the IIS server. Finally, you must export it in PFX format from the Windows server, and import it to the Microsoft Azure portal.

It seems a bit overwhelming, doesn’t it? But don’t worry, we’ve already written a comprehensive, step-by-step guide about the IIS server on another page. All you have to do is follow the steps below:

  1. Check the How to install an SSL Certificate in the IIS guide. Make sure you select the right IIS version available on your machine
  2. After you’ve successfully generated the CSR and installed the certificate on the IIS server, export your certificate to a PFX file.

How to install an SSL certificate on Azure for a web app?

Before securing your Azure web app with a third-party SSL certificate, ensure it meets the following requirements:

  • The certificate is exported as a password-protected PFX file, encrypted using triple DES.
  • The private key is at least 2048 bits long
  • All intermediate and root certificates are combined in the certificate chain.

Note: Not all app services plans support third-party certificates. You must be in the Basic, Standard, Premium, or Isolated tier.

After you receive the SSL certificates from the Certificate Authority, download the ZIP archive and extract its contents on your device. If you get the server, root, and intermediate certificates in separate files, you have to merge them in a single file. Follow the steps below:

Prepare your certificate for upload

  1. Open the extracted certificates in any text editor of your choice.
  2. Create a separate file named mergedcertificate.crt.
  3. Copy the contents of each certificate in the newly created file, following the exact sequence: Server certificate >Intermediate certificates 1 & 2 > Root Certificate. Here’s an example of how your file should look:
    —–BEGIN CERTIFICATE—–
    <your server SSL certificate>
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    <intermediate certificate 1>
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    <intermediate certificate 2>
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    <root certificate>
    —–END CERTIFICATE—–
  4. Next, you need to export the merged SSL certificate with the private key to PFX.
    • Here’s how to export the certificate to a PFX file in IIS.
    • And here’s how to do it via OpenSSL: 
      openssl pkcs12 -export -out 5. myserver.pfx -inkey <private-key-file> -in <merged-certificate-file
      If you select the OpenSSL method, replace the bolded placeholders with the actual path to your private key and merged certificate file.

Upload your certificate to App Service

  1. Log into the Azure portal, and from the left menu, select App Services, then the app name.
  2. From the app’s navigation menu, go to TLS/SSL settings > Private Key Certificates(.pfx) > Upload Certificate.
  3. In the PFX Certificate File section, choose your PFX file. 
  4. In the Certificate password field, enter the password you created when you exported the PFX file, then click Upload.

In the last step, you have to create a certificate binding so that your domain is encrypted with this particular certificate. To do so, follow the official Azure documentation.

Microsoft Azure Server History

Microsoft Azure is a popular cloud computing service with a huge portfolio of cloud services such as networking, storage, databases, web and mobile app deployment, AI cognitive service, Internet of Things, and developer tools.

Azure started as a Microsoft internal initiative codenamed “Project Red Dog”. It was announced to the general public in 2008, and released on February 1, 2010, as “Windows Azure”.

Since its release, Azure has gone a long way to become the second largest IaaS (infrastructure as service) and PaaS (platform as service) provider in the world, behind only AWS (Amazon Web Services).

On March 25, 2014, Microsoft renamed “Windows Azure” into “Microsoft Azure” to better reflect its wide range of services. Today, Azure supports a variety of frameworks, programming languages, open source software and operating systems including Linux.

Azure is especially popular among large organizations that already use Microsoft products, but it’s quickly gaining in popularity among small businesses and even independent developers.

Where to buy an SSL Certificate for Microsoft Azure Server?

The best place to buy an SSL Certificate for Azure is from SSL Dragon. We offer unbeatable prices, regular discounts and great deals on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to provide your website with bulletproof encryption. All our SSL certificates are compatible with Microsoft Azure. Here are the types of SSL certificates we sell:

  • Domain Validation
  • Business Validation
  • Extended Validation
  • Wildcard
  • Multi-Domain
  • Code Signing
  • IP Address
  • Email/Documents

To help you pick the ideal SSL certificate, we built a couple of exclusive SSL tools. Our SSL Wizard takes care of your searching and recommends the best SSL deal for your online project. On the other hand, the Certificate Filter sorts and compares different SSL certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.

Last updated on September 16, 2022.