Secure your Azure App Service using free SSL / TLS Certificates

Yesterday, Microsoft announced one of the most requested features of Azure App Services at Ignite: Free Transport Layer Security (TLS) for Azure App Service.

The free App Service Managed Certificate is a fully functional SSL certificate that is managed by Azure and gets automatically renewed. Since this is a free offering, it also comes with some limitations:

  • Does not support wildcard certificates
  • Does not support apex domains (only sub-domains)
  • Does not support the export of the certificate

Also, I was not able to create the SSL Certificate on an App Service Plan hosted in North Europe. Right now I had to choose Central US.

Create a free certificate using the Azure Portal

Before you can create the free certificate, you have to add a custom domain. Right now, you have to use either an A or a CNAME record (credits to Joonas W).

For my example, I added the domain using a CNAME to This is what the record looks like on GoDaddy (my domain registrar):

And this is what it looks like in the Azure Portal after I assigned the custom domain. As you can see, the SSL state is “Not Secure”:


Now let’s add the free certificate by selecting TLS/SSL settings (1) from the left navigation of our app. On the next screen, click on the Private Key Certificates (.pfx) (2) tab and then on the Create App Service Managed Certificate (3) button:


Now we can select our custom domain from the dropdown (1) and click on the Create button (2) to create a free certificate:

When the operation completes, we will see the certificate in the Private Key Certificates list:


Add the SSL binding

We have now created a free certificate for our Web App but we still need to add an SSL binding to our custom domain. We can do this on the Custom domains (1) page by clicking on the Add binding (2) link next to our custom domain:


On the next page, we have to select our Custom domain (1) and the Private Certificate Thumbprint (2) from the dropdowns, choose a TLS/SSL Type (3) and click on the Add Binding button (4):


That’s it, our site is now secured using TLS by a free App Service Managed Certificate. You can see the certificate live in action here. This is what it looks like:


For additional reference, see the documentation.
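
The same three portal steps (add the custom domain, create the managed certificate, add the SNI binding) scripted with the Azure CLI, as an added example that is not part of the original post. It assumes a current Azure CLI that is already logged in; the resource group, app name and hostname are caller-supplied placeholders, and the wildcard check mirrors the limitations listed above.

```bash
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal walkthrough.
# All names (resource group, app, hostname) are supplied by the caller.

# Reject hostnames the managed certificate cannot cover (wildcards, per the
# limitations listed in the post). Apex domains are not detected here:
# telling an apex from a sub-domain reliably needs the public suffix list.
check_hostname() {
  case "$1" in
    ''|*'*'*) echo "unsupported hostname: '$1'" >&2; return 1 ;;
  esac
}

# 1. add the custom domain, 2. create the managed certificate,
# 3. bind it with SNI. Prints the certificate thumbprint on success.
secure_app() {
  sa_rg="$1"; sa_app="$2"; sa_host="$3"
  check_hostname "$sa_host" || return 1

  # The CNAME (or A) record must already exist at the DNS provider,
  # otherwise Azure rejects the hostname.
  az webapp config hostname add \
    --resource-group "$sa_rg" --webapp-name "$sa_app" \
    --hostname "$sa_host" --output none || return 1

  # Create the App Service Managed Certificate and capture its thumbprint.
  sa_thumb=$(az webapp config ssl create \
    --resource-group "$sa_rg" --name "$sa_app" --hostname "$sa_host" \
    --query thumbprint --output tsv) || return 1
  [ -n "$sa_thumb" ] || { echo "no thumbprint returned" >&2; return 1; }

  # Bind the certificate to the custom domain (SNI SSL).
  az webapp config ssl bind \
    --resource-group "$sa_rg" --name "$sa_app" \
    --certificate-thumbprint "$sa_thumb" --ssl-type SNI \
    --output none || return 1

  printf '%s\n' "$sa_thumb"
}

# Run only when executed with three arguments, e.g.:
#   ./secure-app.sh my-rg my-app www.example.com
if [ "$#" -eq 3 ]; then secure_app "$@"; fi
```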
