3
votes

We have a number of discrete App Service Plan instances (separated to simplify tenant billing), each hosting a number of Web App instances. Each App is on a subdomain of the same parent:

AppService-1:
subone.mydomain.com
subtwo.mydomain.com

AppService-2:
subthree.mydomain.com
&c...

Can we purchase a single wildcard SSL certificate (from Azure, or elsewhere) for *.mydomain.com and apply it to all three subdomains in the example above, or do we need a separate certificate for each App Service Plan?

4 Answers

4
votes

YES. You have a valid scenario where you can use a single wildcard domain for multiple sub-domains. I am attaching a screenshot of my setup below. As you can see, I have mapped the same certificate to multiple domains.

This will also work with another App Service Plan. These are the things to note though:

  • If the second app service plan is in the same resource group, then you need not Import/Upload the certificate.
  • If the second app service plan is in a different resource group, then you will have to Import/Upload the certificate again.

Certificates are specific to a Resource Group and are visible to all the web apps in that resource group.

Also, I have my certificate issued for both the root domain and the wildcard. This way I can cover more scenarios.

NOTE: Even though there are multiple IP-based SSL bindings in the screenshot below, there is only one IP assigned to the web app. As there is only one certificate which meets all the requirements, the bindings are simply re-using the existing resource (IP).

SSL Bindings
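
The two points in the answer above (the certificate is imported once per resource group, and it was issued for both the root domain and the wildcard) can be checked before any binding is made. This is an added example, not part of the original answer: the app names, resource group names and the two extra hostnames are constructed, and it assumes the usual matching rule in which `*` covers exactly one leftmost label.

```python
def san_covers(san: str, host: str) -> bool:
    """True if one certificate name covers host; '*' matches exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                       # "*.mydomain.com" -> ".mydomain.com"
    if not host.endswith(suffix):
        return False                       # also rejects the bare root domain
    left = host[: -len(suffix)]
    return bool(left) and "." not in left  # rejects a.b.mydomain.com


def plan_bindings(cert_sans, apps):
    """Return (resource groups needing one import each, bindings, uncovered hostnames)."""
    imports, bindings, uncovered = set(), [], []
    for app in apps:
        for host in app["hostnames"]:
            if any(san_covers(san, host) for san in cert_sans):
                imports.add(app["resource_group"])
                bindings.append((app["resource_group"], app["name"], host))
            else:
                uncovered.append(host)
    return sorted(imports), bindings, uncovered


# Constructed inventory: hypothetical app and resource group names.
APPS = [
    {"name": "app-one", "plan": "AppService-1", "resource_group": "rg-a",
     "hostnames": ["subone.mydomain.com"]},
    {"name": "app-two", "plan": "AppService-1", "resource_group": "rg-a",
     "hostnames": ["subtwo.mydomain.com"]},
    {"name": "app-three", "plan": "AppService-2", "resource_group": "rg-b",
     "hostnames": ["subthree.mydomain.com", "mydomain.com",
                   "api.subthree.mydomain.com"]},
]

if __name__ == "__main__":
    for sans in (["*.mydomain.com"], ["mydomain.com", "*.mydomain.com"]):
        imports, bindings, uncovered = plan_bindings(sans, APPS)
        print(f"{sans}: import once into each of {imports}")
        for rg, app, host in bindings:
            print(f"  bind {host} on {app} ({rg})")
        print(f"  NOT covered by this certificate: {uncovered}")
```

A hostname reported as not covered would produce a name-mismatch warning in browsers if it were bound to this certificate, so it needs either an additional name on the certificate or a different certificate.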

2
votes

Yes, it is possible to associate a single wildcard SSL certificate with multiple separate App Services.

You do not need to purchase individual SSL certificates.

  • Get a wildcard SSL certificate for *.domain.com.
  • It will allow you to secure anything.domain.com, meaning security for an unlimited number of sub-domains.
  • But make sure the Certificate Authority from which you purchase the wildcard SSL certificate offers an unlimited server license.

Certificate Authorities like Comodo, RapidSSL, Thawte, and GeoTrust offer an unlimited server license along with their wildcard SSL certificates.

0
votes

Yes, you can do that. What you would do is create a certificate resource and assign that resource to the Web Apps. You might need a separate certificate resource for each app service plan.

0
votes

Yes, you can use the same wildcard SSL certificate for your web app services, but make sure that all App Services are hosted under the same domain. Major certificate authorities offer unlimited server licenses with their wildcard certificates; you have to configure your certificate on each of your servers.

AppService-1: 
sub1.mydomain.com 
sub2.mydomain.com

AppService-2: 
sub3.mydomain.com
sub4.mydomain.com

AppService-3: 
sub5.mydomain.com
sub9999.mydomain.com

AlphaSSL, Comodo, and RapidSSL offer domain-validated, low-cost wildcard certificates, whereas Thawte, GlobalSign, and GeoTrust offer organization-validated certificates at higher prices.