New-AzureRmWebAppSSLBinding

Creates an SSL certificate binding for an Azure Web App.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

New-AzureRmWebAppSSLBinding
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [[-Slot] <String>]
   [-Name] <String>
   [[-SslState] <SslState>]
   [-CertificateFilePath] <String>
   [-CertificatePassword] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzureRmWebAppSSLBinding
   [-ResourceGroupName] <String>
   [-WebAppName] <String>
   [[-Slot] <String>]
   [-Name] <String>
   [[-SslState] <SslState>]
   [-Thumbprint] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzureRmWebAppSSLBinding
   [-WebApp] <PSSite>
   [-Name] <String>
   [[-SslState] <SslState>]
   [-CertificateFilePath] <String>
   [-CertificatePassword] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
New-AzureRmWebAppSSLBinding
   [-WebApp] <PSSite>
   [-Name] <String>
   [[-SslState] <SslState>]
   [-Thumbprint] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzureRmWebAppSSLBinding cmdlet creates a Secure Socket Layer (SSL) certificate binding for an Azure Web App. The cmdlet creates an SSL binding in two ways:

  • You can bind a Web App to an existing certificate.
  • You can upload a new certificate and then bind the Web App to this new certificate. Regardless of which approach you use, the certificate and the Web App must be associated with the same Azure resource group. If you have a Web App in Resource Group A and you want to bind that Web App to a certificate in Resource Group B, the only way to do that is to upload a copy of the certificate to Resource Group A. If you upload a new certificate, keep in mind the following requirements for an Azure SSL certificate:
  • The certificate must contain a private key.
  • The certificate must use the Personal Information Exchange (PFX) format.
  • The certificate's subject name must match the domain used to access the Web App.
  • The certificate must use a minimum of 2048-bit encryption.

Examples

Example 1: Bind a certificate to a Web App

PS C:\>New-AzureRmWebAppSSLBinding -ResourceGroupName "ContosoResourceGroup" -WebAppName "ContosoWebApp" -Thumbprint "E3A38EBA60CAA1C162785A2E1C44A15AD450199C3" -Name "www.contoso.com"

This command binds an existing Azure certificate (a certificate with the Thumbprint E3A38EBA60CAA1C162785A2E1C44A15AD450199C3) to the web app named ContosoWebApp.

Parameters

-CertificateFilePath

Specifies the file path for the certificate to be uploaded. The CertificateFilePath parameter is only required if the certificate has not yet been uploaded to Azure.

Type:String
Position:4
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-CertificatePassword

Specifies the decryption password for the certificate.

Type:String
Position:5
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name of the Web App.

Type:String
Position:3
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of the resource group that the certificate is assigned to. You cannot use the ResourceGroupName parameter and the WebApp parameter in the same command.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Slot

Specifies the name of the Web App deployment slot. You can use the Get-AzureRMWebAppSlot cmdlet to get a slot. Deployment slots provide a way for you to stage and validate web apps without those apps being accessible over the Internet. Typically you will deploy your changes to a staging site, validate those changes, and then deploy to the production (Internet-accessible) site.

Type:String
Position:2
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SslState

Specifies whether the certificate is enabled. Set the SSLState parameter to 1 to enable the certificate, or set SSLState to 0 to disable the certificate.

Type:Nullable<T>[SslState]
Accepted values:Disabled, SniEnabled, IpBasedEnabled
Position:4
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Thumbprint

Specifies the unique identifier for the certificate.

Type:String
Position:6
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WebApp

Specifies a Web App. To get a Web App, use the Get-AzureRmWebApp cmdlet. You cannot use the WebApp parameter in the same command as the ResourceGroupName parameter and/or the WebAppName.

Type:PSSite
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WebAppName

Specifies the name of the Web App for which the new SSL binding is being created. You cannot use the WebAppName parameter and the WebApp parameter in the same command.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Site

Parameters: WebApp (ByValue)

Outputs

HostNameSslState