I thought I could just create an SSL using openssl and install that
cert on Azure. I tried that but get "Not secure" in chrome for the
cname.
Probably, you have not imported the certificate in your Trusted Root Certification Authorities directory on your machine. You can check configurations on your side as following steps.
If you create a certificate using OpenSSL, you should export the certificate with the private key then upload the certificate .pfx file to the Azure portal. Export certificate to PFX.
Or, you can generate a self-sign certificate with PowerShell.
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "stage.mycompany.com" -FriendlyName "MySiteCert" -NotAfter (Get-Date).AddYears(1)
Export the certificate. Then run MMC, Follow the path to locate the newly generated certificate in your machine. File--- Add\Remove Snap-In---Certificates----add---computer account. Copy the certificate from Personal directory to Trusted Root Certification Authorities directory. Also, you need to export the certificate (.pfx file) with private Key.
On the Azure side, you need to upload and bind the newly generate the self-sign certificate to your websites.
- Map your subdomain
stage.mycompany.com
to your websites. You can select Custom domains in your web app page. Add hostname stage.mycompany.com
, refer to this.
- Bind your SSL certificate. Click SSL settings in the left navigation of your web app. Upload your newly .pfx certificate, and bind your SSL certificate with SNI-based SSL type.
After that, you can access the website with https://stage.mycompany.com. I test it in my lab with IE and Chrome explore as below:
https://{your-webapp-name}.azurewebsites.net
, why bother? – evilSnobu