Upload your own SSL certificate to protect your web service

Post View : 868

If you have read the Let’s Encrypt website, nowadays most modern web browsers would require the web page or web service to enforce the HTTPS connection. That means all the newly built (or even legacy websites) would require you to provide your own SSL certificate.

For a simple and free SSL certificate, I think you will surely know Let’s Encrypt.

A nonprofit Certificate Authority providing TLS certificates to 300 million websites.

https://letsencrypt.org/

Create your own website SSL cert

I will recommend using the tool Certbot.

After installing Certbot, you can use the following command to generate the cert:

$ sudo certbot certonly

If you are afraid of your server may not be accessible from the Certbot service, you can have a dry run:

$ sudo certbot certonly --dry-run

Uploading your certificate to Azure Key Vault

What is Key Vault?

Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module(HSM) pools. Vaults support storing software and HSM-backed keys, secrets, and certificates. Managed HSM pools only support HSM-backed keys.

You can know more about Key Vault at Azure Learn.

You can create your Key Vault at Azure Portal.

Find your own Key Vault by searching on the Portal top bar:

Inside Key Vault, Objects, you can find Certificates:

Click on Generate/Import:

You can use Azure Key Vault to generate a certificate.

Or import your own cert:

Note that for Azure Key Vault you can only upload .pfx or .pem format:

After importing the certificates, you can manage all your certificates and their expiration date. When the cert is expired, you just need to import the new cert on Key Vault with a new version.

Using your SSL Cert on App Service

Inside App Service, you can config your certificate on Settings -> TLS/SSL settings:

Upload your SSL cert from “Add TLS/SSL Binding”.

In the next section, we will be demoing how can we upload and apply your own SSL certificate to AKS/Container/Front door.

Chris Wan
Website | + posts

Microsoft Certified Trainer (MCT)
Application Architect, SOS Group Limited

Leave a comment

SOS Group Limited © 2024. All Rights Reserved.