Skip to content

Commit 94f66e5

Browse files
msangapu-msftmsangapu-msft
committed
ssl
1 parent 35e720a commit 94f66e5

File tree

1 file changed

+23
-2
lines changed

1 file changed

+23
-2
lines changed

articles/app-service/overview-tls.md

Lines changed: 23 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -131,9 +131,30 @@ To serve HTTPS traffic, App Service requires a TLS/SSL certificate that is bound
131131

132132
### Types of certificates
133133

134-
- **App Service certificates (ASC)**. Fully managed certificates issued and renewed automatically by Azure, stored securely in Azure Key Vault.
134+
## TLS/SSL certificates on App Service
135+
136+
To serve HTTPS traffic, App Service requires a TLS/SSL certificate that is bound to your custom domain. App Service offers multiple certificate options, ranging from fully managed free certificates to customer-managed certificates.
137+
138+
### Types of certificates
139+
140+
- **App Service managed certificates** (Free)
141+
- Provided at no cost.
142+
- Fully managed by Azure App Service, including **automatic renewal**.
143+
- Stored in **App Service Key Vault** (KV); **customers cannot access, export, or use these certificates outside of App Service**.
144+
- Supports basic domain validation but **does not support wildcard or custom root CAs**.
145+
146+
- **App Service certificates (ASC)**
147+
- Paid certificates **resold from GoDaddy** via Azure.
148+
- **Customer owns and manages** the certificate.
149+
- Stored in the **customer’s Key Vault (KV)** and **can be exported and used outside of App Service**.
150+
- Technically considered **"bring your own certificate (BYOC)"** because the customer controls it after purchase, but App Service provides **seamless integration**.
151+
152+
- **Bring your own certificate (BYOC)**
153+
- Upload and manage your own TLS/SSL certificates (**PFX format**) issued by **third-party Certificate Authorities (CAs)**.
154+
- Fully customer-managed, including **renewals and private key storage**.
155+
- Supports **wildcard certificates, custom root CAs, and externally issued certificates**.
135156

136-
- **Bring your own certificate (BYOC)**. Upload and manage certificates (in PFX format) issued by third-party Certificate Authorities (CAs).
157+
Each of these options provides flexibility based on your security and management needs.
137158

138159
### Bind certificates to custom domains
139160

0 commit comments

Comments
 (0)