Bind a custom SSL certificate to a web app

This sample script creates a web app in App Service with its related resources, then binds the SSL certificate of a custom domain name to it.

If needed, install the Azure PowerShell using the instruction found in the Azure PowerShell guide, and then run Login-AzureRmAccount to create a connection with Azure. Also, ensure that:

  • A connection with Azure has been created using the az login command.
  • You have access to your domain registrar's DNS configuration page.
  • You have a valid .PFX file and its password for the SSL certificate you want to upload and bind.

Sample script

$fqdn="<Replace with your custom domain name>"
$pfxPath="<Replace with path to your .PFX file>"
$pfxPassword="<Replace with your .PFX password>"
$webappname="mywebapp$(Get-Random)"
$location="West Europe"

# Create a resource group.
New-AzureRmResourceGroup -Name $webappname -Location $location

# Create an App Service plan in Free tier.
New-AzureRmAppServicePlan -Name $webappname -Location $location `
-ResourceGroupName $webappname -Tier Free

# Create a web app.
New-AzureRmWebApp -Name $webappname -Location $location -AppServicePlan $webappname `
-ResourceGroupName $webappname

Write-Host "Configure a CNAME record that maps $fqdn to $webappname.azurewebsites.net"
Read-Host "Press [Enter] key when ready ..."

# Before continuing, go to your DNS configuration UI for your custom domain and follow the 
# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for the 
# hostname "www" and point it your web app's default domain name.

# Upgrade App Service plan to Basic tier (minimum required by custom SSL certificates)
Set-AzureRmAppServicePlan -Name $webappname -ResourceGroupName $webappname `
-Tier Basic

# Add a custom domain name to the web app. 
Set-AzureRmWebApp -Name $webappname -ResourceGroupName $webappname `
-HostNames @($fqdn,"$webappname.azurewebsites.net")

# Upload and bind the SSL certificate to the web app.
New-AzureRmWebAppSSLBinding -WebAppName $webappname -ResourceGroupName $webappname -Name $fqdn `
-CertificateFilePath $pfxPath -CertificatePassword $pfxPassword -SslState SniEnabled

Clean up deployment

After the script sample has been run, the following command can be used to remove the resource group, web app, and all related resources.

Remove-AzureRmResourceGroup -Name myResourceGroup -Force

Script explanation

This script uses the following commands. Each command in the table links to command specific documentation.

Command Notes
New-AzureRmResourceGroup Creates a resource group in which all resources are stored.
New-AzureRmAppServicePlan Creates an App Service plan.
New-AzureRmWebApp Creates a web app.
Set-AzureRmAppServicePlan Modifies an App Service plan to change its pricing tier.
Set-AzureRmWebApp Modifies a web app's configuration.
New-AzureRmWebAppSSLBinding Creates an SSL certificate binding for a web app.

Next steps

For more information on the Azure PowerShell module, see Azure PowerShell documentation.

Additional Azure Powershell samples for Azure App Service Web Apps can be found in the Azure PowerShell samples.