Securing my Azure Web App with HTTPS

3
votes

Say, for example, I have an Azure web app named MyApp and is hosted on Azure as MyApp.azurewebsites.net. It's my understanding that there is nothing I need to do to secure the URL with SSL, as it's done, by default, with a single certificate. So I can already have my users access the app via https://MyApp.azurewebsites.net, and it will be secure right out of the box.

However, say I have another URL named www.MyApp.com that I want to point (redirect) to https://MyApp.azurewebsite.net. Do I have to secure www.MyApp.com with a certificate?

2
sslhttpsazure-web-app-service

2 Answers

5
votes

Do I have to secure www.MyApp.com with a certificate?

Yes, we could get more detail info from the official document .

To secure your custom domain name with HTTPS, you bind a custom SSL certificate to that custom domain in Azure.

Before binding a custom certificate, we need to do the following:

Configure the custom domain - App Service only allows adding a certificate for a domain name that's already configured in your app. For instructions, see Map a custom domain name to an Azure app.

Scale up to Basic tier or higher App Service plans in lower pricing tiers don't support custom SSL certificates. For instructions, see Scale up an app in Azure.

Get an SSL certificate - If you do not already have one, you need to get one from a trusted certificate authority (CA).

0
votes

Yes, if you use a custom host name, then you will need to have a certificate for it. There is really no way around this, based on how SSL works.