In part one we discussed how we can add custom domain in Sitecore App Service. Today we will go through how we can secure this custom domain with SSL bindings, so without doing any further delay below are the points to add SSL bindings.
Secure a custom domain
Do the following steps:
In the Azure portal, from the left menu, select App Services > <app-name>.
From the left navigation of your app, start the TLS/SSL Binding dialog by:
- Selecting Custom domains > Add binding
- Selecting TLS/SSL settings > Add TLS/SSL binding
In Custom Domain, select the custom domain you want to add a binding for.
If your app already has a certificate for the selected custom domain, go to Create binding directly. Otherwise, keep going.
Add a certificate for custom domain
If your app has no certificate for the selected custom domain, then you have two options:
- Upload PFX Certificate – Follow the workflow at Upload a private certificate, then select this option here.
- Import App Service Certificate – Follow the workflow at Import an App Service certificate, then select this option here.
Use the following table to help you configure the SSL binding in the TLS/SSL Binding dialog, then click Add Binding.
|Custom domain||The domain name to add the SSL binding for.|
|Private Certificate Thumbprint||The certificate to bind.|
Once the operation is complete, the custom domain’s SSL state is changed to Secure.
A Secure state in the Custom domains means that it is secured with a certificate, but App Service doesn’t check if the certificate is self-signed or expired, for example, which can also cause browsers to show an error or warning.
Remap A record for IP SSL
If you don’t use IP SSL in your app, skip to Test HTTPS for your custom domain.
By default, your app uses a shared public IP address. When you bind a certificate with IP SSL, App Service creates a new, dedicated IP address for your app.
If you mapped an A record to your app, update your domain registry with this new, dedicated IP address.
In various browsers, browse to
https://<your.custom.domain> to verify that it serves up your app.