Skip to content

Update configure-ssl-certificate.md #126773

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
v-regandowner merged 2 commits into from
Jun 16, 2025
Merged

Update configure-ssl-certificate.md #126773

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1948b5f
Update configure-ssl-certificate.md
patrickmoore-nc May 12, 2025
4e990b0
Merge branch 'main' into patch-1
v-regandowner Jun 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions articles/app-service/configure-ssl-certificate.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,7 @@ The following table lists the options for you to add certificates in App Service

The [free App Service managed certificate](#create-a-free-managed-certificate) and the [App Service certificate](configure-ssl-app-service-certificate.md) already satisfy the requirements of App Service. If you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements:

* Be exported as a [password-protected .pfx file](https://en.wikipedia.org/w/index.php?title=X.509&section=4#Certificate_filename_extensions), encrypted by using triple DES.
* Contain a private key at least 2,048 bits long.
* Be exported as a [password-protected PFX file](https://en.wikipedia.org/w/index.php?title=X.509&section=4#Certificate_filename_extensions).
* Contain all intermediate certificates and the root certificate in the certificate chain.

If you want to help secure a custom domain in a TLS binding, the certificate must meet these extra requirements:
Expand All @@ -48,7 +47,7 @@ If you want to help secure a custom domain in a TLS binding, the certificate mus
* Be signed by a trusted certificate authority.

> [!NOTE]
> *Elliptic curve cryptography (ECC) certificates* work with App Service but aren't covered by this article. For the exact steps to create ECC certificates, work with your certificate authority.
> **Elliptic Curve Cryptography (ECC) certificates** work with App Service when uploaded as a PFX, but currently cannot be imported from Key Vault. They aren't covered by this article. For the exact steps to create ECC certificates, work with your certificate authority.

After you add a private certificate to an app, the certificate is stored in a deployment unit that's bound to the App Service plan's resource group, region, and operating system (OS) combination. Internally, it's called a *webspace*. That way, the certificate is accessible to other apps in the same resource group, region, and OS combination. Private certificates uploaded or imported to App Service are shared with app services in the same deployment unit.

Expand Down