In my previous post, I wrote about using Cloudflare to encrypt the traffic of an Azure Web App for free without installing any SSL certificate in Azure. In this post, I'll explain how to use StartSSL from StartCom to get a free certificate that you can install in the Azure portal. Please note that use of this free certificate is limited to personal and non-commercial purposes.

In the StartSSL main page, select "StartSSL Free":

First, you need to create an account by entering your country and email address so they can send you a validation code:

Once accepted, they install a client certificate on your machine. This is their way to authenticate you, so make sure to create your account on a PC you own:

That's it, so let's now create a free certificate. Locate the free certificate section and click on the "here" link:

Select the "Web Server SSL" option:

Click on the "Domain Validation" link:

Enter your domain name:

StartSSL will retrieve the domain administrator email from your registrar so they can send you a verification code:

Get the code, paste it in the "Verification code" field and click on the "Validation" button.

Next, click on "Order SSL Certificate":

You can enter the full hostname. Typically it's "www." + the domain name:

You need to submit the CSR. Click the link to download the StartCom.exe tool:

Select SSL Certificate, enter the domain name and your country, then click on the "Generate CSR" button. Click on the "Copy" button to copy the CSR.


Back on the website, paste the CSR and MAKE SURE that you select "Generated by PKI system". This will allow you to download your private key and it's the only way I found to do this.

Click on the "Download Private Key" button to download the ssl.key file. Store this file securely.


Next, you need to wait a while for StartSSL to process the order:

Once processed, locate your certificate in the "Certificate List" section and click on the "Retrieve" button.

The Zip file will contain cert files for IIS. Locate them so we can generate the pfx file by using the "startcomtool.exe" that we used earlier.

Click on the "Certificate" tab and click on "Generate PFX". Next, select your certificate (the .crt file) and the private key (the ssl.key file) and enter the password you entered earlier. Click on "Submit" and save the .pfx file.
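
Before uploading, it is worth confirming that the .crt and ssl.key belong together and that the resulting .pfx contains the expected certificate. The shell functions below are an added example (not from the original post or from StartCom) that perform this check with the openssl command line and build the .pfx as an alternative to the tool's "Generate PFX" button. The file names, the PFX_PASS variable and the self-signed sample pair are assumptions; a passphrase-protected ssl.key makes openssl prompt for it.

```shell
#!/bin/sh
# Added example: check a certificate/key pair, then bundle it as a .pfx.
# File names and PFX_PASS are assumptions, not StartSSL-defined names.

# Succeed only if the certificate carries the public key of this private key.
key_matches_cert() {   # usage: key_matches_cert cert.crt ssl.key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build the .pfx only when the pair matches. The export password is read
# from the PFX_PASS environment variable so it is not a command argument.
make_pfx() {           # usage: make_pfx cert.crt ssl.key out.pfx
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -passout env:PFX_PASS
}

# Re-open the .pfx with the same password and confirm that the certificate
# inside is the one that was meant to be uploaded.
pfx_cert_matches() {   # usage: pfx_cert_matches out.pfx cert.crt
    p=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts \
            2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$p" ] && [ "$p" = "$c" ]
}

# Constructed stand-in for the issued files: a throwaway self-signed pair,
# written as DIR/NAME.crt and DIR/NAME.key (sample data only).
make_sample_pair() {   # usage: make_sample_pair dir name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.com" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
```

With the real files, export PFX_PASS and call `make_pfx` with the .crt from the Zip file, the downloaded ssl.key and an output name, then run `pfx_cert_matches` on the result before uploading it.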

Let's now switch to the Azure portal. Locate your App Service, click on "Settings" and click on the "Custom domains and SSL" link.

Click on the "Upload Certificate" button.

Select the .pfx file you created earlier and enter its password. Click on "Save".

You now see the certificate in the "Certificates" section. Add the binding for the naked domain and www and click "Save".


That's it! We can now browse the site using HTTPS. If you click on the green lock, you will see that the certificate was issued by StartCom.

Again, this free StartSSL certificate is for personal and non-commercial use.

