Why is my SSL Certificate on Azure App Service not working correctly?

1
votes

I used to run one of my websites (EyeDentity.Online) from a Windows VM on Azure. I had an SSL Certificate in IIS up to run it and all was well in the world.

Since I moved the Website to the Azure App Service and installed the SSL Certificate in Azure whenever I go to the Website for the first time in a browser session it tells me that the certificate is invalid.

It appears to quote the standard AzureWebsites.NET even though my certificate is bound to my website

How can I get this warning to go away as it may be scaring away users!

enter image description here When I click "Show Certificate" I see the following.

3
azuresslssl-certificateazure-web-app-service
Did you ever find a fix for this? I have exactly the same issue (using asp.net core 2.0 / issue appeared after I deleted the original app and created a new one with the same name/config hosted in a different region)JohnLBevan

3 Answers

0
votes

Things to check:

  1. You must be on Standard or Premium level to bind to cert
  2. Check SSL bindings section of Custom Domains and SSL blade to make sure you've bound the domain to the right cert.

enter image description here

The description of the problem sounds like number 2 here. If you haven't changed this, then it will bind by default to the azurewebsites cert and not yours.

Some docs here: https://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/

-1
votes

Your cert is for azurewebsites.net and not EyeDentity.Online. You should get a wildcard cert for your domain name:

*.azurewebsites.net should be: *.eyedentity.online

ref: https://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/#1-get-an-ssl-certificate

"Before requesting an SSL certificate you must first determine which domain names will be secured by the certificate. This will determine what type of certificate you must obtain. If you just need to secure a single domain name such as contoso.com or www.contoso.com a basic certificate is sufficient. If you need to secure multiple domain names, such as contoso.com, www.contoso.com, and mail.contoso.com, then you can get a wildcard certificate, or a certificate with Subject Alternate Name (subjectAltName)."

-1
votes

It is not a problem with SSL Binding or with incorrect ssl being added.

It may not be a problem with the domain mapping. If so then you must check the SSL type selected in binding. If it is correct and still facing problem see below..

Azure provide a subdomain when you use their service. When the domain mapping is not done correctly then their wildcard certificate will be showing in your website.

Mapping must be done for www.example.com and example.com. Many of us map www. but forget the bare domain this must be the case here.

Please click here for steps to create the domain mapping. When correctly mapped your correct certificate will be displayed without any error.