1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Configuring Azure Application and Data Security

Uploading and Binding SSL Certificates to Azure App Service

The course is part of this learning path

Start course
Microsoft Azure offers a wide range of options to secure and protect your data, regardless of the format. Whether you're dealing with documents, SQL databases or big data, there are multiple solutions ranging from authentication to virtual networks.
In this course, we will cover the protection of your data from external and internal threats, whether those threats be malicious or accidental. We will see how good design combined with the right configuration can secure your organization's most precious asset: its data.

Learning Objectives

  • Configure security policies to classify, protect, and manage data
  • Configure data retention for storage and databases
  • Set up Azure SQL security features and auditing
  • Learn how to configure storage account security and access
  • Learn how to secure HDInsight clusters
  • Configure Cosmos DB security
  • Configure Data Lake security
  • Learn good design features of an Azure application
  • See how Azure App Services can secure your app
  • See how a governance policy can help formalize security requirements

Intended Audience

  • People preparing for Microsoft’s AZ-500 exam
  • System administrators
  • App developers


  • Experience with Microsoft Azure
  • Experience with Office 365
  • Basic knowledge of computer security principles
  • Basic networking knowledge



Let's now look at uploading and binding an SSL certificate to an Azure app service. To upload and bind an SSL certificate to a custom domain, you need to make sure your web app is running on a pricing tier that will support SSL certificates. F1 and D1 tiers do not support this feature. You can change your app's tier by selecting Scale up app service plan under settings. To secure a custom domain, click Custom domains on the left navigation pane of your app, then click Add binding for the domain you want to secure. If you don't see Add binding for a domain, then it's already secure and you should have a secure SSL state.

Next, we want to upload our certificate. In the PFX certificate file, click Upload and browse to your certificate file, and then enter the certificate password. Once your certificate has been uploaded (wait until it has), you can go and open the SSL bindings dialog, select the certificate you uploaded and the SSL type, and then click Add binding. SNI-based SSL and IP-based SSL are supported.

If you use IP-based SSL, you'll need to remap your A record to the new custom domain IP address, as, by default, apps share a public IP address. Next, we need to redirect all HTTP requests to HTTPS. This can be done by setting HTTPS to "on" within SSL settings. This dialog also allows you to change the TSL version from the default 1.2. Here we have two scripts for uploading a certificate. One is an Azure command line interface script and the other an Azure PowerShell script.

About the Author
Learning Paths

Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a  Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.