Commit 016103b

Merge pull request #223014 from cephalin/health-4-20
add e2e domain cert tutorial
2 parents e48b686 + c970161 commit 016103b

81 files changed

+578
-422
lines changed

articles/app-service/app-service-web-tutorial-custom-domain.md

Lines changed: 83 additions & 164 deletions
Large diffs are not rendered by default.

articles/app-service/configure-domain-traffic-manager.md

Lines changed: 1 addition & 1 deletion
@@ -73,7 +73,7 @@ Once you have finished adding or modifying DNS records at your domain provider,
7373

7474
Since Traffic Manager only supports custom domain mapping with CNAME records, and because DNS standards don't support CNAME records for mapping root domains (for example, **contoso.com**), Traffic Manager doesn't support mapping to root domains. To work around this issue, use a URL redirect from at the app level. In ASP.NET Core, for example, you can use [URL Rewriting](/aspnet/core/fundamentals/url-rewriting). Then, use Traffic Manager to load balance the subdomain (**www.contoso.com**). Another approach is you can [create an alias record for your domain name apex to reference an Azure Traffic Manager profile](../dns/tutorial-alias-tm.md). An example is contoso.com. Instead of using a redirecting service, you can configure Azure DNS to reference a Traffic Manager profile directly from your zone.
7575

76-
For high availability scenarios, you can implement a load-balancing DNS setup without Traffic Manager by creating multiple *A records* that point from the root domain to each app copy's IP address. Then, [map the same root domain to all the app copies](app-service-web-tutorial-custom-domain.md#3-create-the-dns-records). Since the same domain name cannot be mapped to two different apps in the same region, this setup only works when your app copies are in different regions.
76+
For high availability scenarios, you can implement a load-balancing DNS setup without Traffic Manager by creating multiple *A records* that point from the root domain to each app copy's IP address. Then, [map the same root domain to all the app copies](app-service-web-tutorial-custom-domain.md#2-create-the-dns-records). Since the same domain name cannot be mapped to two different apps in the same region, this setup only works when your app copies are in different regions.
7777

7878
## Enable custom domain
7979
After the records for your domain name have propagated, use the browser to verify that your custom domain name resolves to your App Service app.
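
Review bot: The retargeted anchor on new line 76, `app-service-web-tutorial-custom-domain.md#2-create-the-dns-records`, cannot be checked in this commit view because the diff for `app-service-web-tutorial-custom-domain.md` is not rendered. Confirm the rewritten article has a heading that generates exactly that anchor. The anchor embeds the step number, and the move from `#3-` to `#2-` here shows that it changes whenever steps are reordered, so consider a number-free explicit anchor on the target heading. While this paragraph is open, the unchanged line 74 reads "use a URL redirect from at the app level" and needs one of the two prepositions removed.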

articles/app-service/configure-ssl-bindings.md

Lines changed: 6 additions & 18 deletions
@@ -3,7 +3,7 @@ title: Secure a custom DNS with a TLS/SSL binding
33
description: Secure HTTPS access to your custom domain by creating a TLS/SSL binding with a certificate. Improve your website's security by enforcing HTTPS or TLS 1.2.
44
tags: buy-ssl-certificates
55

6-
ms.topic: tutorial
6+
ms.topic: article
77
ms.date: 04/27/2022
88
ms.reviewer: yutlin
99
ms.custom: seodec18
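
Review bot: `ms.topic` on line 6 becomes `article`, but the body still calls itself a how-to guide (line 24, "To follow this how-to guide:"), so `ms.topic: how-to` would describe the page more accurately if the repo's metadata validation accepts that value. `ms.date: 04/27/2022` on line 7 is also left unchanged although this commit removes 18 lines from the article; bump it if the change is meant to count as a content refresh.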
@@ -19,15 +19,6 @@ Securing a [custom domain](app-service-web-tutorial-custom-domain.md) with a cer
1919
- [Add a private certificate to App Service](configure-ssl-certificate.md) that satisfies all the [private certificate requirements](configure-ssl-certificate.md#private-certificate-requirements).
2020
- Create a TLS binding to the corresponding custom domain. This second step is covered by this article.
2121

22-
In this tutorial, you learn how to:
23-
24-
> [!div class="checklist"]
25-
> * Upgrade your app's pricing tier
26-
> * Secure a custom domain with a certificate
27-
> * Enforce HTTPS
28-
> * Enforce TLS 1.1/1.2
29-
> * Automate TLS management with scripts
30-
3122
## Prerequisites
3223

3324
To follow this how-to guide:
@@ -37,7 +28,8 @@ To follow this how-to guide:
3728
- [Add a private certificate to your app](configure-ssl-certificate.md)
3829

3930
> [!NOTE]
40-
> The easiest way to add a private certificate is to [create a free App Service managed certificate](configure-ssl-certificate.md#create-a-free-managed-certificate).
31+
> The easiest way to add a private certificate is to [create a free App Service managed certificate with your custom domain](tutorial-secure-domain-certificate.md).
32+
4133

4234
[!INCLUDE [Prepare your web app](../../includes/app-service-ssl-prepare-app.md)]
4335
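
Review bot: On new line 31 the note's link moves from the section anchor `configure-ssl-certificate.md#create-a-free-managed-certificate` to the whole tutorial `tutorial-secure-domain-certificate.md`, while the sentence still presents it as the easiest way to "add a private certificate". A reader who already has a custom domain mapped now lands on an end-to-end tutorial rather than the certificate step, so consider keeping the section link and adding the tutorial as a second link. `tutorial-secure-domain-certificate.md` is not among the files rendered in this view, so check that it is added in the same pull request. The added empty line 32 sits directly before the existing blank line 33 and can be dropped.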

@@ -74,11 +66,7 @@ If your app has no certificate for the selected custom domain, then you have two
7466

7567
Use the following table to help you configure the TLS binding in the **TLS/SSL Binding** dialog, then click **Add Binding**.
7668

77-
| Setting | Description |
78-
|-|-|
79-
| Custom domain | The domain name to add the TLS/SSL binding for. |
80-
| Private Certificate Thumbprint | The certificate to bind. |
81-
| TLS/SSL Type | <ul><li>**[SNI SSL](https://en.wikipedia.org/wiki/Server_Name_Indication)** - Multiple SNI SSL bindings may be added. This option allows multiple TLS/SSL certificates to secure multiple domains on the same IP address. Most modern browsers (including Internet Explorer, Chrome, Firefox, and Opera) support SNI (for more information, see [Server Name Indication](https://wikipedia.org/wiki/Server_Name_Indication)).</li><li>**IP SSL** - Only one IP SSL binding may be added. This option allows only one TLS/SSL certificate to secure a dedicated public IP address. After you configure the binding, follow the steps in [Remap records for IP SSL](#remap-records-for-ip-ssl).<br/>IP SSL is supported only in **Standard** tier or above. </li></ul> |
69+
[!INCLUDE [Certificate binding types](../../includes/app-service-ssl-binding-types.md)]
8270

8371
Once the operation is complete, the custom domain's TLS/SSL state is changed to **Secure**.
8472
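
Review bot: The lead-in on line 67 still says "Use the following table", but line 69 now pulls the content from `../../includes/app-service-ssl-binding-types.md`, which is not shown in this view, so confirm the include renders a table covering the three rows removed here (Custom domain, Private Certificate Thumbprint, TLS/SSL Type). The removed IP SSL text linked to the in-page anchor `#remap-records-for-ip-ssl` and stated that IP SSL is supported only in **Standard** tier or above. If the include keeps that relative anchor, it resolves only in articles that have a "Remap records for IP SSL" heading, so check every article that uses the include and make sure the tier restriction is still stated.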

@@ -95,9 +83,9 @@ There are two changes you need to make, potentially:
9583

9684
- By default, your app uses a shared public IP address. When you bind a certificate with IP SSL, App Service creates a new, dedicated IP address for your app. If you mapped an A record to your app, update your domain registry with this new, dedicated IP address.
9785

98-
Your app's **Custom domain** page is updated with the new, dedicated IP address. [Copy this IP address](app-service-web-tutorial-custom-domain.md#info), then [remap the A record](app-service-web-tutorial-custom-domain.md#3-create-the-dns-records) to this new IP address.
86+
Your app's **Custom domain** page is updated with the new, dedicated IP address. Copy this IP address, then [remap the A record](app-service-web-tutorial-custom-domain.md#2-create-the-dns-records) to this new IP address.
9987

100-
- If you have an SNI SSL binding to `<app-name>.azurewebsites.net`, [remap any CNAME mapping](app-service-web-tutorial-custom-domain.md#3-create-the-dns-records) to point to `sni.<app-name>.azurewebsites.net` instead (add the `sni` prefix).
88+
- If you have an SNI SSL binding to `<app-name>.azurewebsites.net`, [remap any CNAME mapping](app-service-web-tutorial-custom-domain.md#2-create-the-dns-records) to point to `sni.<app-name>.azurewebsites.net` instead (add the `sni` prefix).
10189

10290
## Test HTTPS
10391
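
Review bot: On new line 86 the link to `app-service-web-tutorial-custom-domain.md#info` is dropped rather than retargeted, which suggests the `#info` anchor no longer exists in the rewritten tutorial. Search the repo for other references to `#info` on that file so they do not become dead links. With the link gone, "Copy this IP address" no longer says where on the **Custom domain** page the address appears, so name the field or column the reader should copy from.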

articles/app-service/configure-ssl-certificate.md

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ ms.reviewer: yutlin
99
ms.custom: seodec18
1010
---
1111

12-
# Secure connections by adding and managing TLS/SSL certificates in Azure App Service
12+
# Add and manage TLS/SSL certificates in Azure App Service
1313

1414
You can add digital security certificates to [use in your application code](configure-ssl-certificate-in-code.md) or to [secure custom DNS names](configure-ssl-bindings.md) in [Azure App Service](overview.md), which provides a highly scalable, self-patching web hosting service. Currently called Transport Layer Security (TLS) certificates, also previously known as Secure Socket Layer (SSL) certificates, these private or public certificates help you secure internet connections by encrypting data sent between your browser, websites that you visit, and the website server.
1515
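
Review bot: Line 12 shortens the H1, but the `title:` front-matter field sits above line 9 and is outside this hunk, so check that it was updated to match the new heading. The unchanged intro on line 14 ("Currently called Transport Layer Security (TLS) certificates, also previously known as Secure Socket Layer (SSL) certificates") is hard to parse and could be tightened in the same pass.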

articles/app-service/environment/integrate-with-application-gateway.md

Lines changed: 6 additions & 6 deletions
@@ -39,7 +39,7 @@ To integrate your application gateway with your ILB App Service environment, you
3939

4040
### ILB App Service environment
4141

42-
For details on how to create an ILB App Service environment, see [Create an ASE in the Azure portal][creation] and [Create an ASE with ARM][createfromtemplate].
42+
For details on how to create an ILB App Service environment, see [Create an ASE in the Azure portal][creation] and [Create an ASE with ARM template][createfromtemplate].
4343

4444
* After ILB ASE is created, the default domain is `<YourAseName>.appserviceenvironment.net`.
4545

@@ -67,7 +67,7 @@ You need to create an App Service plan and an app in your ILB ASE. When creating
6767
### A public DNS name to the application gateway
6868

6969
To connect to the application gateway from internet, you need a routable domain name. In this case, I used a routable domain name `asabuludemo.com` and planning to connect to an App Service with this domain name `app.asabuludemo.com`. The IP addresses mapped to this app domain name need to set to the public IP after the application gateway created.
70-
With a public domain mapped to the application gateway, you don't need to configure a custom domain in App Service. You can buy a custom domain name with [App Service Domains](../manage-custom-dns-buy-domain.md#buy-an-app-service-domain).
70+
With a public domain mapped to the application gateway, you don't need to configure a custom domain in App Service. You can buy a custom domain name with [App Service Domains](../manage-custom-dns-buy-domain.md#buy-and-map-an-app-service-domain).
7171

7272
### A valid public certificate
7373
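
Review bot: The unchanged line 69 uses `asabuludemo.com` and `app.asabuludemo.com` as example names and is written in the first person ("I used a routable domain name ... and planning to connect"). Since this hunk already edits the paragraph, switch to the `contoso.com` convention used in configure-domain-traffic-manager.md, so readers are not copying a registrable third-party name into DNS and listener settings, and fix the last sentence on that line ("need to set to the public IP after the application gateway created"). The new anchor `#buy-and-map-an-app-service-domain` on line 70 targets `manage-custom-dns-buy-domain.md`, which is not rendered here, so verify that the heading exists.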

@@ -108,7 +108,7 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
108108

109109
4. Configuration setting
110110

111-
In **Configuration** setting, you need to add a routing rule by clicking **Add a routing rule** icon.
111+
In **Configuration** setting, you need to add a routing rule by selecting **Add a routing rule** icon.
112112

113113
:::image type="content" source="./media/integrate-with-application-gateway/configuration.png" alt-text="Screenshot of adding a routing rule in configuration setting.":::
114114

@@ -143,9 +143,9 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
143143
| Host type | Multiple/Wildcard | Set to multiple or wildcard website name if listener type is set to multi-sites. |
144144
| Host name | For example: `app.asabuludemo.com` | Set to a routable domain name for App Service |
145145
146-
:::image type="content" source="./media/integrate-with-application-gateway/https-routing-rule.png" alt-text="H T T P S listener of the application gateway Routing Rule.":::
146+
:::image type="content" source="./media/integrate-with-application-gateway/https-routing-rule.png" alt-text="HTTPS listener of the application gateway Routing Rule.":::
147147

148-
* You have to configure a **Backend Pool** and **HTTP setting** in **Backend targets**. The Backend pool was configured in previously steps. Click **Add new** link to add an HTTP setting.
148+
* You have to configure a **Backend Pool** and **HTTP setting** in **Backend targets**. The Backend pool was configured in previously steps. Select **Add new** link to add an HTTP setting.
149149

150150
:::image type="content" source="./media/integrate-with-application-gateway/add-new-http-setting.png" alt-text="Screenshot of adding new link to add an H T T P setting.":::
151151
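
Review bot: Line 146 fixes the spaced-out "H T T P S" in the alt text, but the unchanged image on line 150 still carries alt-text "Screenshot of adding new link to add an H T T P setting." and should get the same fix. The edited line 148 also keeps "was configured in previously steps" (should be "in previous steps"), and "Select **Add new** link" is missing "the".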

@@ -166,7 +166,7 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
166166

167167
## Configure an application gateway integration with ILB ASE
168168

169-
To access ILB ASE from the application gateway, you need to check if a virtual network link to private DNS zone. If there is no virtual network linked to your application gateway's VNet, add a virtual network link with following steps.
169+
To access ILB ASE from the application gateway, you need to check if a virtual network link to private DNS zone. If there's no virtual network linked to your application gateway's VNet, add a virtual network link with following steps.
170170

171171
### Configure virtual network links with a private DNS zone
172172
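
Review bot: Line 169 only contracts "there is" to "there's" and leaves the preceding sentence without a verb: "you need to check if a virtual network link to private DNS zone". Reword it, for example "check whether a virtual network link to the private DNS zone exists", and change "with following steps" to "with the following steps". The second sentence speaks of a virtual network "linked to your application gateway's VNet", while the heading below is about linking the virtual network to the private DNS zone, so make the two consistent.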

articles/app-service/includes/quickstart-custom-container/quickstart-custom-container-linux-azure-portal-pivot.md

Lines changed: 3 additions & 0 deletions
@@ -120,6 +120,9 @@ Congratulations, you've successfully completed this quickstart.
120120
121121
The App Service app pulls from the container registry every time it starts. If you rebuild your image, you just need to push it to your container registry, and the app pulls in the updated image when it restarts. To tell your app to pull in the updated image immediately, restart it.
122122
123+
> [!div class="nextstepaction"]
124+
> [Secure with custom domain and certificate](../../tutorial-secure-domain-certificate.md)
125+
123126
> [!div class="nextstepaction"]
124127
> [Configure custom container](../../configure-custom-container.md)
125128

articles/app-service/includes/quickstart-custom-container/quickstart-custom-container-linux-visual-studio-code-pivot.md

Lines changed: 3 additions & 0 deletions
@@ -162,6 +162,9 @@ Congratulations, you've successfully completed this quickstart.
162162

163163
The App Service app pulls from the container registry every time it starts. If you rebuild your image, you just need to push it to your container registry, and the app pulls in the updated image when it restarts. To tell your app to pull in the updated image immediately, restart it.
164164

165+
> [!div class="nextstepaction"]
166+
> [Secure with custom domain and certificate](../../tutorial-secure-domain-certificate.md)
167+
165168
> [!div class="nextstepaction"]
166169
> [Configure custom container](../../configure-custom-container.md)
167170

articles/app-service/includes/quickstart-custom-container/quickstart-custom-container-windows-azure-portal-pivot.md

Lines changed: 3 additions & 0 deletions
@@ -124,6 +124,9 @@ Congratulations, you've successfully completed this quickstart.
124124
125125
The App Service app pulls from the container registry every time it starts. If you rebuild your image, you just need to push it to your container registry, and the app pulls in the updated image when it restarts. To tell your app to pull in the updated image immediately, restart it.
126126
127+
> [!div class="nextstepaction"]
128+
> [Secure with custom domain and certificate](../../tutorial-secure-domain-certificate.md)
129+
127130
> [!div class="nextstepaction"]
128131
> [Configure custom container](../../configure-custom-container.md)
129132

articles/app-service/includes/quickstart-custom-container/quickstart-custom-container-windows-cli-pivot.md

Lines changed: 3 additions & 0 deletions
@@ -82,6 +82,9 @@ Congratulations, you've successfully completed this quickstart.
8282

8383
The App Service app pulls from the container registry every time it starts. If you rebuild your image, you just need to push it to your container registry, and the app pulls in the updated image when it restarts. To tell your app to pull in the updated image immediately, restart it.
8484

85+
> [!div class="nextstepaction"]
86+
> [Secure with custom domain and certificate](../../tutorial-secure-domain-certificate.md)
87+
8588
> [!div class="nextstepaction"]
8689
> [Configure custom container](../../configure-custom-container.md)
8790

articles/app-service/includes/quickstart-custom-container/quickstart-custom-container-windows-powershell-pivot.md

Lines changed: 3 additions & 0 deletions
@@ -82,6 +82,9 @@ Congratulations, you've successfully completed this quickstart.
8282

8383
The App Service app pulls from the container registry every time it starts. If you rebuild your image, you just need to push it to your container registry, and the app pulls in the updated image when it restarts. To tell your app to pull in the updated image immediately, restart it.
8484

85+
> [!div class="nextstepaction"]
86+
> [Secure with custom domain and certificate](../../tutorial-secure-domain-certificate.md)
87+
8588
> [!div class="nextstepaction"]
8689
> [Configure custom container](../../configure-custom-container.md)
8790
