question

PranavJoshi-7091 avatar image
0 Votes"
PranavJoshi-7091 asked ·

Azure managed app service certificates

I have application deployed in azure kubernetes service, As Ingress I am using application gateway. I need wildcard Azure managed certificates. Questions: 1) How to use them with application gateway and what would be pricing ? 2) I can see wildcard certificates are charged yearly. If I test them out within a month and delete within 30 days do I have to pay for full 1 year ? 3) I do have certificates of my own in .pfx format is there any way to use those certificates in application gateway ? Thanks, Pranav Joshi

azure-webapps-ssl-certificates
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

brtrachMSFT-0711 avatar image
0 Votes"
brtrachMSFT-0711 answered ·

@PranavJoshi-7091 Thank you for your question and interest in Azure App Service Certificates.

Please note that there are two product offerings. App Service Managed Certificates and App Service Certificates. Since it appears that you need a wildcard certificate, you will be needing the App Service Certificate.

"The offering for App Service Certificates will still be available with the launch of App Service Managed Certificates as these two features have their differences and are better suited for different scenarios. Aside from the main difference of pricing, a major difference between the two is that you will not be able to export your App Service Managed Certificates as they are managed by the platform. If you’re planning to do a live site migration with TXT record, need support for apex domains, or need a wildcard certificate, then use App Service Certificates or bring your own certificate." Source


In order to use your App Service Cert with App Gateway, you will need to export a copy of the certificate to your local computer to complete the steps outlined in the below documentation. In order to export it, please see Creating a local PFX copy of App Service Certificate.

In regards with how to use the certificate with Azure App Gateway, please see the below documentation. (Please note that you may have to convert your .PFX file to a .CER file depending on the requirements of Azure App Gateway.

Yes, App Service Certs are charged as a one time yearly fee. Deleting the certificate does not generate any refund/credit (full or prorated). Before purchasing a certificate, I would suggest creating a free billing ticket to verify if they issue credits/refunds for App Service Certs and what the limitations might be (number of days since initial purchase, was it used, etc.). To open a ticket with them, please follow these steps. Only the billing team can verify if/when credits/refunds can be issued, which is why it is best to check with them directly as they are the ones who would submit the credit/refund request to see if it would be approved/denied.

You can use your own .PFX certs if they meet the below criteria (you might have to convert them to .CER):

  • CA (Certificate Authority) certificate: A CA certificate is a digital certificate issued by a certificate authority (CA)

  • EV (Extended Validation) certificate: An EV certificate is a certificate that conforms to industry standard certificate guidelines. This will turn the browser locator bar green and publish the company name as well.

  • Wildcard Certificate: This certificate supports any number of subdomains based on .site.com, where your subdomain would replace the . It doesn’t, however, support site.com, so in case the users are accessing your website without typing the leading "www", the wildcard certificate will not cover that.

  • Self-Signed certificates: Client browsers do not trust these certificates and will warn the user that the virtual service’s certificate is not part of a trust chain. Self-signed certificates are good for testing or environments where administrators control the clients and can safely bypass the browser’s security alerts. Production workloads should never use self-signed certificates.
    Source

Please let us know if you have any further questions or concerns regarding this matter.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.