Home / Tutorials / How to Install an SSL Certificate / How to Install an SSL Certificate on Azure?

How to Install an SSL Certificate on Azure

How to Install an SSL Certificate on Azure

This tutorial will explain to you how to install an SSL Certificate on Azure for web apps. You will also learn how to generate a CSR (Certificate Signing Request) for Azure. The later parts of this guide include useful tips on where to buy an SSL certificate for your web app.

Table of contents

  1. How to generate a CSR code for Microsoft Azure?
  2. How to install an SSL certificate on Azure for a web app?
  3. Where to buy an SSL Certificate for Microsoft Azure Server?

How to generate a CSR Code for Microsoft Azure?

Unlike other server platforms, Azure doesn’t allow you to generate a CSR directly from its interface. Since it’s a cloud computing service, you can only upload the SSL Certificate from the Azure console.

To create the CSR, you must use the IIS (Internet Information Services) manager on your local Windows machine. You also need to install your certificate on the IIS server. Finally, you must export it in PFX format from the Windows server, and import it to the Microsoft Azure portal.

It seems a bit overwhelming, doesn’t it? But don’t worry, we’ve already written a comprehensive, step-by-step guide about the IIS server on another page. All you have to do is follow the steps below:

  1. Check the How to install an SSL Certificate in the IIS guide. Make sure you select the right IIS version available on your machine.
  2. After you’ve successfully generated the CSR and installed the certificate on the IIS server, export your certificate to a PFX file.

How to install an SSL certificate on Azure for a web app?

Before securing your Azure web app with a third-party SSL certificate, ensure it meets the following requirements:

  • The certificate is exported as a password-protected PFX file, encrypted using triple DES.
  • The private key is at least 2048 bits long
  • All intermediate and root certificates are combined in the certificate chain.

Note: Not all app services plans support third-party certificates. You must be in the Basic, Standard, Premium, or Isolated tier.

Step 1: Prepare your certificate for upload

After you receive the SSL certificates from the Certificate Authority, download the ZIP archive and extract its contents on your device.

If you get the server, root, and intermediate certificates in separate files, you have to merge them into a single file. Follow the steps below:

  1. Open the extracted certificates in any text editor of your choice.
  2. Create a separate file named mergedcertificate.crt.
  3. Copy the contents of each certificate in the newly created file, following the exact sequence:

Server certificate -> Intermediate certificates 1 & 2 -> Root Certificate.

Here’s an example of how your file should look:

-----BEGIN CERTIFICATE-----

—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–

—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–

—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–

—–END CERTIFICATE—–

Step 2: Export the SSL certificate to PFX

Next, you need to export the merged SSL certificate with the private key to PFX.

Here’s how to export the certificate to a PFX file in IIS.

And here’s how to do it via OpenSSL:

openssl pkcs12 -export -out 5. myserver.pfx -inkey -in <merged-certificate-file

Replace the bolded placeholders with the actual path to your private key and merged certificate file.

Step 3: Upload your certificate to App Service

  1. Log into the Azure portal, and from the left menu, select App Services, then the app name.
  2. From the app’s navigation menu, go to TLS/SSL settings > Private Key Certificates(.pfx) > Upload Certificate.
  3. In the PFX Certificate File section, choose your PFX file.
  4. In the Certificate password field, enter the password you created when you exported the PFX file, then click Upload.

Step 4: Create a certificate binding

In the last step, you have to create a certificate binding so that your domain is encrypted with this particular certificate. To do so, follow the official Azure documentation.

Where to buy an SSL Certificate for Microsoft Azure Server?

The best place to buy an SSL Certificate for Azure is from SSL Dragon. We offer unbeatable prices, regular discounts, and great deals on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to provide your website with bulletproof encryption. All our SSL certificates are compatible with Microsoft Azure.

Get an SSL certificate now

To help you pick the ideal SSL certificate, we built a couple of exclusive SSL tools. Our SSL Wizard takes care of your search and recommends the best SSL deal for your online project. On the other hand, the Certificate Filter sorts and compares different SSL certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.