How do I create an SSL binding when the certificate is already installed? #61

Closed
hovsepm opened this issue Oct 11, 2017 · 10 comments

@hovsepm
Contributor

hovsepm commented Oct 11, 2017

From @j055 on March 14, 2017 21:5

I have a wildcard certificate installed in the webapp. How do I create an SSL Binding to a certificate which is already installed? I was expecting to specify the thumbprint but it looks like I have to upload the cert every time I create a binding.

app1 = app1.Update()
    .WithManagedHostnameBindings(domain, app1Name)
    .DefineSslBinding()
        .ForHostname(app1Name + "." + domainName)
        .WithPfxCertificateToUpload("Asset/" + pfxPath, CertificatePassword)
        .WithSniBasedSsl()
        .Attach()
    .Apply();

Thanks
Andrew

Copied from original issue: Azure/azure-sdk-for-net#2935

@hovsepm
Contributor Author

hovsepm commented Oct 11, 2017

From @jianghaolu on May 2, 2017 19:3

I'll add support for this in the next release.

@hovsepm
Contributor Author

hovsepm commented Oct 11, 2017

From @jianghaolu on June 14, 2017 21:19

This is supported in v1.1.0.

@hovsepm
Contributor Author

hovsepm commented Oct 11, 2017

From @j055 on June 20, 2017 17:26

How do we use this? I tried the following:

_webApp.Update()
    .WithClientCertEnabled(true)
    .DefineHostnameBinding()
        .WithThirdPartyDomain(domain)
        .WithSubDomain(subDomain)
        .WithDnsRecordType(CustomHostNameDnsRecordType.CName)
        .Attach()
    .Apply();

ALL CERTIFICATES stop working in the site including site.azurewebsites.net. The browser presents a 'Select a Certificate' dialog with 403 error saying the site is stopped when in fact it isn't:

[image: diag]

The Azure portal shows everything working normally even though the certs are broken.

The WebApp needs deleting and recreating to fix it.

@hovsepm
Contributor Author

hovsepm commented Oct 11, 2017

@jianghaolu please followup with the sample link.

@hovsepm
Contributor Author

hovsepm commented Oct 11, 2017

From @j055 on June 26, 2017 15:52

This is easily reproducible:

  1. Create a web app (I used a basic app service plan)
  2. Add a CName record in your DNS to point to myapp.azurewebsites.net
  3. Execute the following:

     webApp.Update()
         .WithClientCertEnabled(true)
         .DefineHostnameBinding()
             .WithThirdPartyDomain("mydomain.com")
             .WithSubDomain("test1")
             .WithDnsRecordType(CustomHostNameDnsRecordType.CName)
             .Attach()
         .Apply();

The site now returns HTTP 403 forbidden.

@hovsepm
Contributor Author

hovsepm commented Oct 11, 2017

From @Dona278 on September 6, 2017 15:22

@j055 To add a certificate binding to an existing web app I used:

await azure.WebApps.Inner
    .CreateOrUpdateHostNameBindingAsync(
        RESOURCE_GROUP_NAME,
        WEB_APP_NAME,
        EXISTING_BINDED_TO_WEB_APP_HOSTNAME,
        new HostNameBindingInner(
            azureResourceType: AzureResourceType.Website,
            hostNameType: HostNameType.Verified,
            customHostNameDnsRecordType: CustomHostNameDnsRecordType.CName, // or A, depending on the type of hostname
            sslState: SslState.SniEnabled,
            thumbprint: CERTIFICATE_THUMBPRINT));

@hovsepm
Contributor Author

hovsepm commented Oct 11, 2017

From @j055 on October 2, 2017 10:4

@Dona278. Thanks. In v1.3 CreateOrUpdateHostNameBindingAsync changed to CreateOrUpdateHostNameBindingWithHttpMessagesAsync

await azure
    .WebApps
    .Inner
    .CreateOrUpdateHostNameBindingWithHttpMessagesAsync(
        resourceGroupName,
        webAppName,
        domain,
        new HostNameBindingInner(
            azureResourceType: AzureResourceType.Website,
            hostNameType: HostNameType.Verified,
            customHostNameDnsRecordType: CustomHostNameDnsRecordType.CName,
            sslState: SslState.SniEnabled,
            thumbprint: thumbprint));
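
Added example (not part of the original thread or of the SDK): a small Python audit over a site's ARM resource JSON that keeps apart the two settings mixed up in the comments above. It assumes the `Microsoft.Web/sites` properties `clientCertEnabled` (what `WithClientCertEnabled(true)` sets; it makes App Service require a TLS client certificate from every caller and is unrelated to SSL bindings) and `hostNameSslStates` (where a thumbprint binding shows up). The sample document, hostnames and thumbprint are constructed, and `audit_site` is a hypothetical helper name.

```python
import json
import re

# Constructed sample of a Microsoft.Web/sites resource (trimmed); the
# hostnames and the all-zero thumbprint are placeholders, not real values.
SAMPLE_SITE = json.loads("""
{"name": "myapp", "properties": {
  "clientCertEnabled": true,
  "hostNameSslStates": [
    {"name": "myapp.azurewebsites.net", "sslState": "Disabled"},
    {"name": "test1.mydomain.com", "sslState": "Disabled"},
    {"name": "api.mydomain.com", "sslState": "SniEnabled", "thumbprint": ""},
    {"name": "www.mydomain.com", "sslState": "SniEnabled",
     "thumbprint": "0000000000000000000000000000000000000000"}
  ]}}
""")

PLATFORM_SUFFIX = ".azurewebsites.net"
SHA1_HEX = re.compile(r"[0-9A-Fa-f]{40}")


def audit_site(site):
    """Return (scope, finding) tuples for one site resource document."""
    props = site.get("properties", {})
    findings = []
    # clientCertEnabled is mutual TLS for callers, unrelated to SSL bindings.
    if props.get("clientCertEnabled"):
        findings.append(("*", "client-cert-required"))
    for state in props.get("hostNameSslStates", []):
        host = state.get("name", "")
        if host.lower().endswith(PLATFORM_SUFFIX):
            continue  # default hostname, covered by the platform certificate
        thumbprint = state.get("thumbprint") or ""
        if state.get("sslState", "Disabled") == "Disabled":
            findings.append((host, "no-ssl-binding"))
        elif not SHA1_HEX.fullmatch(thumbprint):
            # Also catches invisible characters pasted in with a thumbprint.
            findings.append((host, "bad-thumbprint"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_site(SAMPLE_SITE):
        print(f"{scope}: {finding}")
```

A `client-cert-required` finding on a public site matches the certificate prompt and 403 described earlier in the thread; a `no-ssl-binding` finding means the custom hostname was added without a certificate bound to it.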

@Tealons

Tealons commented Jun 20, 2018

This one helped! Thanks!

@jianghaolu
Contributor

@glaidler

Hi, sorry but I can't follow the specific fluent code I need to execute this. I have tried:

_azure.WebApps.GetById(AppInstanceId).Update()
.WithThirdPartyHostnameBinding(domain).DefineSslBinding().ForHostname(domain)
.WithExistingCertificate(thumbprint).WithSniBasedSsl().Attach();

But this does not work. Can anyone supply code that works against the interface defined by @jianghaolu?
