DEV Community

Discussion on: Configuring the free TLS/SSL certificates on Azure App Service

Collapse
davidrousseau75 profile image
Benethor

Hello Julien.

I am looking at a way to automate the certificate creation in my release pipeline. Did you come across anything (CLI, Powershell, ARM) ?

Thank you
David

Collapse
felpel profile image
Félix Pelletier • Edited on

I have a similar question, but it would be for the equivalent operation with the Azure SDK for Node.js.

I've created a managed certificate with those instructions and checked on resources.azure.com to understand what is actually generated by Azure's backend (placeholders such as {certificateName} are in place instead of the actual values):

{
  "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupId}/providers/Microsoft.Web/certificates/{certificateName}",
  "name": "{certificateName}",
  "type": "Microsoft.Web/certificates",
  "location": "East US",
  "properties": {
    "friendlyName": "",
    "subjectName": "{hostname}",
    "hostNames": [
      "{hostname}"
    ],
    "pfxBlob": null,
    "siteName": null,
    "selfLink": null,
    "issuer": "GeoTrust RSA CA 2018",
    "issueDate": "2020-03-25T00:00:00+00:00",
    "expirationDate": "2020-09-25T12:00:00+00:00",
    "password": null,
    "thumbprint": "{certificateThumbprint}",
    "valid": null,
    "toDelete": null,
    "cerBlob": null,
    "publicKeyHash": null,
    "hostingEnvironment": null,
    "hostingEnvironmentProfile": null,
    "keyVaultId": "",
    "keyVaultSecretName": "",
    "keyVaultSecretStatus": "Succeeded",
    "webSpace": "{resourceGroupId}-EastUSwebspace",
    "serverFarmId": null,
    "canonicalName": "{hostname}",
    "tags": null
  }
}

I'm not sure if we only have to fill the following properties:

  • name;
  • location;
  • subjectName;
  • hostNames;
  • canonicalName;
Collapse
jdubois profile image
Julien Dubois Author

Hi Félix: I would rather use the automatic set up I have above, which works with all languages, than try to set it up manually. It might work today, but it might break when there's a new release. Then, I don't expect this to be very complicated or change very often, so if you only need to change those 5 properties it's probably not too bad.

Collapse
jdubois profile image
Julien Dubois Author

Hi Benethor, and sorry for the late response (I never got the email from dev.to, I guess it want to my spam box). In this article I don't do it in the release pipeline: it's all automated by Azure App Service, so there's really nothing to do.
However, I do also run VMs where I need to handle that certificate myself: in that case, the easiest thing I found is to use Apache with the Let's Encrypt script. It's all done automatically and renewed with a CRON job, so it should work without much maintenance. I only remember that one time I had to upgrade the script manually because they had a major release. So that's a bit more work & maintenance, but that's still easy to set up.