We have just introduced the ability to let customers configure intermediate certificates for their TLS/SSL endpoint in Azure App Service Web Apps. There have been a few customer asks about this, like on the forum posts here and here and this ability should address the feature gaps mentioned on these posts.

How do I upload my intermediate certificate?

If you have already uploaded a PFX file with your TLS/SSL certificate, you will have to re-upload the certificate.

Make sure that the PFX file for your TLS/SSL certificate contains the entire certificate chain when exporting; which can be done by making sure you have the option below selected when exporting your certificate from certificate manager in Windows.

Export certificate to PFX with full certificate chain

Re-upload the certificate through either the management portal or the REST API and you’re done. We will check if any of the intermediate certificates in the chain are missing from our front ends and chain to a trusted root; and if we find some missing, we will dynamically install these on the front ends. Do note that we will not install new Root certificates in our Trusted Authorities as a result of this, just the intermediate certificates.