Can a web app be set up to securely serve wildcard subdomains

JRoughan 11 Reputation points
2021-05-22T00:20:29.43+00:00

I have a web app tier which allows custom domains (and SNI), I have a wildcard SSL certificate, and I have a domain purchased via the Azure portal. I can find no documentation that allows me to set up secure wildcard subdomain handling for my domain. I have a root A record pointing to the app service IP address, and I have a wildcard record pointing to the xxx.azurewebsites.com domain. I can add subdomains one by one but if I try to add a wildcard subdomain it fails because it also tries to create an equivalent asuid.*.domain.com record and that's an invalid record.

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

2 answers

  1. Andriy Bilous 10,976 Reputation points MVP
    2021-05-26T07:57:06.55+00:00

    Hello @JRoughan

    You can add a wildcard domain such as *.contoso.com, which would allow users to access the site using any subdomain (, admin.contoso.com, etc). The process of adding a wildcard domain to a site is almost exactly the same as for adding regular domains.

    First, you should create CNAME records:

    CNAME * entry that points to appname.azurewebsites.net  
    CNAME example entry that points to example.appname.azurewebsites.net  
    

    Second, add a hostname *.yourdomain.com in your App Service.
    Your App Service > Custom Domains > Add a hostname *.yourdomain.com.

    https://azure.microsoft.com/en-in/blog/azure-websites-and-wildcard-domains/
    https://stackoverflow.com/questions/39914184/wildcard-subdomains-on-azure


  2. ajkuma 22,416 Reputation points Microsoft Employee
    2021-05-26T08:38:17.47+00:00

    @JRoughan , Apologies for the delay in responding here!

    Kindly take a look at this doc, "Secure a custom DNS name with a TLS/SSL binding in Azure App Service", for the detailed steps.

    Firstly, create a wildcard name * to the app's default domain name (<yourappname>.azurewebsites.net) and the TXT record: the 'Host Record' of type 'TXT' is asuid. App Service accesses the asuid TXT record to verify your ownership of the custom domain.

    Once the CNAME and TXT records are added, you can now add any subdomain that matches the wildcard name to the app.
    (for example, sub1.domain.com, sub2.domain.com and *.contoso.com both match *.contoso.com).

    Refer to this doc, create-the-cname-record, for more details.

    When the CNAME is added, the DNS records page looks like the following example (copied from the doc):
    99784-image.png

    If the issue still persists, kindly let us know (please do share screenshots of the error after concealing any PII data). I'll follow up with you and would be happy to assist you further.
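
The record layout from the second answer, written as a preflight check you can run against an exported zone before adding `*.yourdomain.com` as a hostname. This is an added example, not code from either answer or from Microsoft's documentation. The function names, zone contents, app hostname and verification ID are constructed placeholders, and the `asuid.<label>` name for a single subdomain is an assumption matching the `asuid.*` attempt the question describes.

```python
from collections import defaultdict

def expected_records(hostname, zone, app_default_host, verification_id):
    """Records needed for `hostname` (wildcard or single subdomain) in `zone`."""
    hostname, zone = hostname.lower().rstrip("."), zone.lower().rstrip(".")
    if not hostname.endswith("." + zone):
        raise ValueError(f"{hostname} is not a subdomain of {zone}")
    label = hostname[: -len(zone) - 1]  # "*" or e.g. "sub1"
    # Wildcard: the TXT record is plain "asuid"; "asuid.*" is not a valid name.
    txt_name = "asuid" if label == "*" else f"asuid.{label}"
    return [(label, "CNAME", app_default_host), (txt_name, "TXT", verification_id)]

def check_zone(records, hostname, zone, app_default_host, verification_id):
    """Return a list of problems; an empty list means the zone is ready."""
    have = defaultdict(set)
    for name, rtype, value in records:
        have[(name.lower(), rtype.upper())].add(value.lower().rstrip("."))
    problems = []
    wanted = expected_records(hostname, zone, app_default_host, verification_id)
    for name, rtype, value in wanted:
        actual = have.get((name, rtype))
        if not actual:
            problems.append(f"missing {rtype} {name}")
        elif value.lower() not in actual:
            # A wildcard CNAME aimed at a hostname you do not control sends
            # every subdomain there, so the target must be your own app.
            problems.append(f"{rtype} {name} has {sorted(actual)}, expected {value}")
    for name, rtype in have:
        if rtype == "TXT" and name.startswith("asuid.") and "*" in name:
            problems.append(f"invalid record name {name}; use asuid")
    return problems

# Constructed sample data (placeholders, not real values).
APP_HOST = "appname.azurewebsites.net"
VERIFICATION_ID = "PLACEHOLDER-VERIFICATION-ID"
GOOD_ZONE = [("*", "CNAME", APP_HOST), ("asuid", "TXT", VERIFICATION_ID)]
ASKER_ZONE = [("*", "CNAME", APP_HOST), ("asuid.*", "TXT", VERIFICATION_ID)]
WRONG_TARGET = [("*", "CNAME", "other.azurewebsites.net"),
                ("asuid", "TXT", VERIFICATION_ID)]

if __name__ == "__main__":
    for label, zone_records in [("good", GOOD_ZONE), ("asker", ASKER_ZONE),
                                ("wrong target", WRONG_TARGET)]:
        print(label, check_zone(zone_records, "*.contoso.com", "contoso.com",
                                APP_HOST, VERIFICATION_ID))
```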