Renew an SSL Certificate for your Azure webapp

In this article I will show you how to renew an SSL certificate for your Azure webapp.

Pre-requisites.

  • Map a custom DNS name to your web app
  • Choose at least a Basic Tier plan on your Azure WebApp
  • Requirements for your SSL certificate:
    • Signed by a trusted certificate authority
    • Exported as a password-protected PFX file
    • Contains a private key at least 2048 bits long
    • Contains all intermediate certificates in the certificate chain
    • PFX file, if you don't know the process to generate it:
      • Purchase your certificate from your preferred vendor
      • Generate the certificate request and the private key using OpenSSL:
      • Install OpenSSL
      • Run the following command in CMD:
openssl req -nodes -newkey rsa:2048 -keyout C:\Users\daver\Documents\SSL\wikiazureSSLcert.key -out C:\Users\daver\Documents\SSL\wikiazureSSLcert.csr
Generating a 2048 bit RSA private key

https://wikiazure.azureedge.net/wp-content/uploads/2018/03/Renew-SSL-Certificate-wikiazure-1.png

You will get 2 files: the .CSR and the KEY. Now you will need to provide the details for your CSR:

https://wikiazure.azureedge.net/wp-content/uploads/2018/03/Renew-SSL-Certificate-wikiazure-2-1.jpg

Now you will have to send the .CSR to your vendor so that they can issue the SSL certificate. Once they get back to you with the certificate (i.e. .CRT), go back to your CMD and generate the .PFX file:

openssl pkcs12 -export -inkey C:\Users\daver\Documents\SSL\wikiazureSSLcert.key -in C:\Users\daver\Documents\SSL\wikiazure_com.crt -certfile C:\Users\daver\Documents\SSL\wikiazure_com.ca-bundle -out C:\Users\daver\Documents\SSL\wikiazureSSLcert.pfx

You will need to provide a password and confirm it, then you will see an output like the image below:

https://wikiazure.azureedge.net/wp-content/uploads/2018/03/Renew-SSL-Certificate-wikiazure-3.jpg
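
The requirements listed in the prerequisites can be checked on the finished .PFX before it is uploaded. The script below is an added example, not part of the original article; it assumes a POSIX shell with OpenSSL on the PATH (for instance Git Bash or WSL on Windows), and the function name check_pfx and the optional roots.pem argument are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original article: checks a PFX against the
# prerequisites above. check_pfx and the optional roots.pem are assumptions.
# Usage: sh check_pfx.sh cert.pfx 'password' [roots.pem]
check_pfx() (
    pfx=$1; PFX_PASS=$2; roots=${3:-}; rc=0
    export PFX_PASS    # openssl reads it through -passin env:PFX_PASS
    tmp=$(mktemp -d) || exit 2
    fail() { echo "FAIL: $1"; rc=1; }
    # 1. Password-protected: the file must not open with an empty password.
    if openssl pkcs12 -in "$pfx" -passin pass: -noout 2>/dev/null; then
        fail "PFX opens with an empty password"
    fi
    # 2. Split the PFX into leaf certificate, chain certificates and key.
    if ! openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
            -out "$tmp/leaf.pem" 2>/dev/null; then
        echo "FAIL: cannot open PFX with the supplied password"
        rm -rf "$tmp"; exit 1
    fi
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
        -out "$tmp/chain.pem" 2>/dev/null || :
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
        -out "$tmp/key.pem" 2>/dev/null || :

    # 3. Key length of at least 2048 bits.
    bits=$(openssl x509 -in "$tmp/leaf.pem" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || fail "key is ${bits:-?} bits, need 2048 or more"

    # 4. The private key must belong to the leaf certificate.
    cert_pub=$(openssl x509 -in "$tmp/leaf.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        fail "private key missing or not matching the certificate"
    fi
    # 5. The renewed certificate must not already be expired.
    openssl x509 -in "$tmp/leaf.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        fail "certificate has expired"

    # 6. The bundled intermediates must link the leaf to a trusted root.
    openssl verify ${roots:+-CAfile "$roots"} -untrusted "$tmp/chain.pem" \
        "$tmp/leaf.pem" >/dev/null 2>&1 ||
        fail "chain does not verify (intermediate certificates missing?)"
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "OK: $pfx meets the listed requirements"
    exit "$rc"
)
if [ "$#" -ge 2 ]; then check_pfx "$@"; fi
```

Without the roots.pem argument, openssl verify falls back to OpenSSL's default trust store.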

Once you have the .PFX file, go to the Azure Portal and select your Webapp, go to the SSL certificate blade, click Upload certificate, and then remove the existing expired certificate:

https://wikiazure.azureedge.net/wp-content/uploads/2018/03/Renew-SSL-Certificate-wikiazure-4.jpg

Now select Private certificate, upload your .PFX file and provide the password for your SSL certificate that you previously verified:

https://wikiazure.azureedge.net/wp-content/uploads/2018/03/renew-a-ssl-certificate-for-your-Azure-Webapp-wikiazure.jpg

You can enable SSL binding in the same blade: click Add SSL binding, select the hostname and the certificate, and choose the SSL type (IP Based SSL or SNI SSL):

https://wikiazure.azureedge.net/wp-content/uploads/2018/03/renew-a-ssl-certificate-for-your-Azure-Webapp-wikiazure-5.jpg

I strongly suggest that you enforce HTTPS so that all HTTP requests are redirected to the HTTPS port. You can do so by going to your WebApp configuration blade, selecting Custom Domains and clicking ON.

https://wikiazure.azureedge.net/wp-content/uploads/2018/03/renew-a-ssl-certificate-for-your-Azure-Webapp-wikiazure-6.jpg
