From 1948b5f960924462a2c7b7ebf40e023f83bed018 Mon Sep 17 00:00:00 2001 From: patrickmoore-nc <94625903+patrickmoore-nc@users.noreply.github.com> Date: Mon, 12 May 2025 23:26:15 +0100 Subject: [PATCH] Update configure-ssl-certificate.md --- articles/app-service/configure-ssl-certificate.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/articles/app-service/configure-ssl-certificate.md b/articles/app-service/configure-ssl-certificate.md index 50c43091659c3..d7ea803cd68ad 100644 --- a/articles/app-service/configure-ssl-certificate.md +++ b/articles/app-service/configure-ssl-certificate.md @@ -43,8 +43,7 @@ The following table lists the options for you to add certificates in App Service The [free App Service managed certificate](#create-a-free-managed-certificate) and the [App Service certificate](configure-ssl-app-service-certificate.md) already satisfy the requirements of App Service. If you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements: -* Exported as a [password-protected PFX file](https://en.wikipedia.org/w/index.php?title=X.509§ion=4#Certificate_filename_extensions), encrypted using triple DES -* Contains private key at least 2048 bits long +* Exported as a [password-protected PFX file](https://en.wikipedia.org/w/index.php?title=X.509§ion=4#Certificate_filename_extensions) * Contains all intermediate certificates and the root certificate in the certificate chain If you want to help secure a custom domain in a TLS binding, the certificate must meet these additional requirements: @@ -53,7 +52,7 @@ If you want to help secure a custom domain in a TLS binding, the certificate mus * Signed by a trusted certificate authority > [!NOTE] -> **Elliptic Curve Cryptography (ECC) certificates** work with App Service but aren't covered by this article. For the exact steps to create ECC certificates, work with your certificate authority. +> **Elliptic Curve Cryptography (ECC) certificates** work with App Service when uploaded as a PFX, but currently cannot be imported from Key Vault. They aren't covered by this article. For the exact steps to create ECC certificates, work with your certificate authority. > [!NOTE] > After you add a private certificate to an app, the certificate is stored in a deployment unit that's bound to the App Service plan's resource group, region, and operating system combination, internally called a *webspace*. That way, the certificate is accessible to other apps in the same resource group, region, and OS combination. Private certificates uploaded or imported to App Service are shared with App Services in the same deployment unit.