Secure your Custom Domains at no cost with App Service Managed Certificates (preview)
Updated: 04 November, 2019
Free Transport Layer Security (TLS) for Azure App Service is now in preview! This has been one of the most highly requested features of the service since its inception. The feature is named App Service Managed Certificates and it will let you secure custom domains on your Windows and Linux apps for no additional charge. This provides developers with a zero-cost option for working on their dev, test and production sites. This feature is available for customers on an App Service Plan of Basic and above (free and shared tiers are not supported). The certificate issued will be a standard certificate and not a wildcard certificate. Each certificate will be valid for six months, and about a month before the certificate’s expiry date, App Service will renew the certificate.
The offering for App Service Certificates will still be available with the launch of App Service Managed Certificates, as these two features have their differences and are better suited for different scenarios. Besides the main difference of pricing, a major difference between the two is that you will not be able to export your App Service Managed Certificates, as they are managed by the platform. If you’re planning to do a live site migration with TXT record, need support for apex domains or need a wildcard certificate, then use App Service Certificates or bring your own certificate.
To get started, add a CNAME record for the domain to your web app. In the Azure Portal, head to your web app and, from the left navigation of your app, select TLS/SSL settings > Private Key Certificates (.pfx) > Create App Service Managed Certificate.
Once you’ve successfully created your App Service Managed Certificate, you’ll see it on the list of Private Key Certificates.
For additional reference, see the documentation.
In case of any feedback, please inform us by creating an entry on the developer forums.