0
votes

I bought an SSL certificate online from a seller today for my custom domain, which is redirected to the Azure web application with a CNAME. I created a CSR file for that domain, let's call it app3.product.com, by using IIS 8. And then I created the .crt file with that CSR file.

After that I found that I need the .pfx file, but I didn't have a .key file, so I converted the .crt to .cer and then uploaded it through the Azure portal.

The problem is that the Azure portal says:

No certificates match the selected hostname

Although my certificate was issued as app3.product.com and the host name has the same domain name, it doesn't work.

I didn't include a key file while I was creating the CSR file; also, the subject of the certificate has some additional information from the issuer. The subject is like app3.product.com, Certificate Issued By ... These may be the source of the issue.

Thank you in advance.

1

1 Answer

1
votes

You need to include the private key. Otherwise your web server cannot decrypt the data the clients (web browsers) are sending to it.

Explanation:

HTTPS/TLS/SSL are based on asymmetric cryptography, which means that data gets encrypted with a so-called public key and can only be decrypted with the corresponding private key.

This means that your web server will send a certificate to the browsers which contains the domain name + the public key + a signature from a Certificate Authority (CA). The web browser then checks whether this certificate is valid (with a CA certificate) and uses the included public key to encrypt further data. Since your web server is the only one who knows the private key, it can use it to decrypt the web browser's request. Actually, the overall process is even a little bit more complex. You might want to have a look at the TLS handshake protocol to see how it works.
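
One way to get a PFX that contains the private key for the situation in the question, shown as an added example that is not part of the original answer. It assumes an elevated PowerShell session on the same Windows server where IIS generated the CSR (the private key stays in that machine's certificate store), and the file paths are placeholders.

```powershell
# Added example. Assumptions: elevated session on the server that created the CSR;
# $CrtPath and $PfxPath are placeholder paths, not values from the original post.
$HostName = 'app3.product.com'      # hostname used in the question
$CrtPath  = 'C:\certs\app3.crt'     # placeholder: certificate file returned by the CA
$PfxPath  = 'C:\certs\app3.pfx'     # placeholder: PFX file to create

# 1. Pair the issued certificate with the pending request. The private key was
#    generated with the CSR and never left this machine, which is why there is
#    no separate .key file.
certreq.exe -accept -machine $CrtPath
if ($LASTEXITCODE -ne 0) {
    throw "certreq could not match $CrtPath to a pending request on this machine."
}

# 2. Find the installed certificate whose DNS names include the hostname.
#    (Exact match only; a wildcard certificate would need a different filter.)
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $HostName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate for $HostName found in LocalMachine\My."
}

# 3. A certificate without its private key is what a converted .crt/.cer file
#    contains: domain name, public key and CA signature only.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this machine; " +
          "the CSR was probably created elsewhere."
}

# 4. Export certificate and private key together as a password-protected PFX.
#    This fails if the key was not marked exportable when the CSR was created.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $password | Out-Null

"Exported $($cert.Subject) (expires $($cert.NotAfter)) to $PfxPath"
```

The resulting .pfx file holds the private key, so store it and its password as secrets and delete the file from disk once it has been uploaded.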