Allowed certificate authorities for enabling custom HTTPS on Azure Front Door

When you enable the HTTPS feature using your own certificate for an Azure Front Door custom domain. You need an allowed certificate authority (CA) to create your TLS/SSL certificate. Otherwise, if you use a non-allowed CA or a self-signed certificate, your request will be rejected.

The following CAs are allowed when you create your own certificate:

  • AddTrust External CA Root
  • AlphaSSL Root CA
  • AME Infra CA 01
  • AME Infra CA 02
  • Ameroot
  • APCA-DM3P
  • Atos TrustedRoot 2011
  • Autopilot Root CA
  • Baltimore CyberTrust Root
  • Class 3 Public Primary Certification Authority
  • COMODO RSA Certification Authority
  • COMODO RSA Domain Validation Secure Server CA
  • D-TRUST Root Class 3 CA 2 2009
  • DigiCert Cloud Services CA-1
  • DigiCert Global Root CA
  • DigiCert Global CA G2
  • DigiCert High Assurance CA-3
  • DigiCert High Assurance EV Root CA
  • DigiCert SHA2 Extended Validation Server CA
  • DigiCert SHA2 High Assurance Server CA
  • DigiCert SHA2 Secure Server CA
  • DST Root CA X3
  • D-trust Root Class 3 CA 2 2009
  • Encryption Everywhere DV TLS CA
  • Entrust Root Certification Authority
  • Entrust Root Certification Authority - G2
  • Entrust.net Certification Authority (2048)
  • GeoTrust Global CA
  • GeoTrust Primary Certification Authority
  • GeoTrust Primary Certification Authority - G2
  • Geotrust RSA CA 2018
  • GlobalSign
  • GlobalSign Extended Validation CA - SHA256 - G2
  • GlobalSign Organization Validation CA - G2
  • GlobalSign Root CA
  • Go Daddy Root Certificate Authority - G2
  • Go Daddy Secure Certificate Authority - G2
  • Let's Encrypt Authority X3
  • QuoVadis Root CA2 G3
  • RapidSSL RSA CA 2018
  • Security Communication RootCA1
  • Security Communication RootCA2
  • Security Communication RootCA3
  • Symantec Class 3 EV SSL CA - G3
  • Symantec Class 3 Secure Server CA - G4
  • Symantec Enterprise Mobile Root for Microsoft
  • Thawte Primary Root CA
  • Thawte Primary Root CA - G2
  • Thawte Primary Root CA - G3
  • Thawte RSA CA 2018
  • Thawte Timestamping CA
  • TrustAsia TLS RSA CA
  • VeriSign Class 3 Extended Validation SSL CA
  • VeriSign Class 3 Extended Validation SSL SGC CA
  • VeriSign Class 3 Public Primary Certification Authority - G5
  • VeriSign International Server CA - Class 3
  • VeriSign Time Stamping Service Root
  • VeriSign Universal Root Certification Authority