We have a need to set up SSL certificates for a number of the WordPress sites we have set up as an Azure Web App.
The simplest way to do this, at least for us, is to use the built-in CSR certificate request mechanism as we just happen to have a number of them about. 😉
To do so:
- Open the IIS console
- Navigate to ServerName (Domain\Domain.Admin)
- Double click the Server Certificates shortcut in the IIS section
- Create Certificate Request
- Fill out the form
- Set the Bit length to 2048
- Specify a name and folder for the CSR file
- A plain text file is okay since we will be pasting the contents of the .TXT file into the Certificate Authority’s console
- Open File Explorer, navigate to the .TXT file, double click to open, and COPY the contents
- Paste into the Certificate Authority’s CSR
- Depending on the Certificate Authority and type of certificate there will be some sort of ownership validation
- Once the process completes we paste the new certificate into the still open NotePad window and Save As
- In the IIS Console click Complete certificate request
- Point to the TXT file
- Once its complete click on Start and type Certificates click on Manage computer certificates
- Navigate to the Personal –> Certificates folder
- Select Yes to export the Private Key
- Options to set
- Set a password
- Select a location and name for the file making sure the extension is .pfx
- The exported file should have a key symbol on it indicating the Private Key is there
From here we go to the Azure portal and the Add Private Certificate (.pfx) blade and upload the certificate.
Put the password set to the .PFX file in and click the Upload button.
Azure should let us know things are happy.
On the SSL Binding blade we choose our domain name, the certificate we just uploaded, and SNI (Server Name Indication) that allows Azure to route the packets to the correct place.
Click the Add binding button and eventually the newly seated certificate will show.
Note that we choose to use a trusted certificate authority over any of the freebies out there as the green lock says that our site has been domain ownership verified.