Adding SSL support for your site nowadays is much easier than it was 10 years ago when I was working for a hosting company as a side gig, but unless you are buying the certificate from the same company hosting your site, the process becomes a little challenging.
I chose to buy the cheaper SSL certificate from namecheap.com (provided by PositiveSSL) instead of the more expensive one from Azure.
In order to finish ordering the new certificate from namecheap.com, I needed a CSR (Certificate Signing Request) but I could not find how to generate one from Azure so I ended up using csrgenerator.com, which is not ideal because now somebody else may have my private key 🙁
After finishing the activation process on namecheap.com I downloaded a package which contained a .crt, a .p7b and a ca-bundle file, but of course I didn’t have a .pfx file because in order to generate that file the private key is needed and it was not requested as part of the registration process (makes sense in the name of security but not very convenient to have to then use openssl yourself to generate the .pfx file required by Azure.
WSL , which I have, already has openssl installed so I was able to run the following command without any issues:
openssl pkcs12 -export -out javiercallico_me.pfx -inkey javiercallico_me.key -in javiercallico_me.crt -legacy -provider-path 'C:\Program Files\OpenSSL-Win64\bin'* Command updated in 2023 as per this post on StackOverflow.
Once I had the .pfx file, I was able to add new new SSL binding to my App Service and enable HTTPS Only traffic (like the convenience of this feature).
Any request to http://javiercallico.me/ will now be redirected to https://javiercallico.me/
One