As is generally known, all services on the Internet must be encrypted. The SSL certificates of your trusted provider serve this purpose. Such certificates are often not inexpensive and / or associated with recurring administrative effort due to their renewal. However, Microsoft offers a free SSL Certificate for your Azure App Service. In this article, I go into more detail about the advantages and disadvantages. In addition, you can find a HowTo video on how to get a free App Service Certificate yourself or read about it directly at Microsoft Docs.
What are the advantages of the free App Service SSL Certificate
The certificate provided by Microsoft comes with a few advantages. The most obvious one might be that it is free of charge. In addition, the following advantages should be mentioned:
- The certificate is valid for less time than the classically purchased certificates. The short duration of 6 months increases the security.
- Azure automatically issues, manages and renews the certificate. This saves the recurring effort.
- No additional provider and/or tool is required. You can simply request the certificate with a mouse click in the Azure portal and Azure will issue it directly in a few moments.
- Microsoft offers direct support.
What's the argument against the free Azure App Service SSL Certificate?
Like almost everywhere, there are certain disadvantages. Until recently, the biggest disadvantage was that no root certificates could be issued. With the prefix "www." this problem could be avoided. But this is no longer necessary, because this disadvantage has been removed and now root certificates can be issued. The disadvantages that still exist are listed below:
- A wildcard certificate is not possible.
- It is not supported in an App Service Environment (ASE).
- The CNAME DNS record must point directly to .azurewebsites.net.
Not possible for root domains.Supported in the meantime, as long as the domain is not integrated in Azure Traffic Manager.
- The certificate cannot be exported and can only be used for App Service.
What's wrong with a free 3rd party SSL certificate
In the following I will show the disadvantages of a 3rd party free SSL certificate using the popular service of "LET'S ENCRYPT" as an example:
- At 90 days, the validity period is even shorter than with Azure. This increases security. However, since there is no built-in automatism for renewing "LET'S ENCRYPT" certificates on Azure, this increases the administration and recurring effort. (Of course, this can be automated with a custom script).
- In case of problems the support of "LET'S ENCRYPT" is only possible via the forum.
There are pros and cons to weigh. The Azure free certificate is certainly not suitable for every use. But if you only need a certificate for the Azure App Service and not a wildcard certificate, then I prefer the certificate from Azure. This is mainly due to the ease of use directly in the same tool. If you absolutely need a wildcard certificate, then 3rd party free providers like "LET'S ENCRYPT" are available.