
Commit cd41023

Change SSL to TLS.
1 parent e409216 commit cd41023

12 files changed: +36 -36 lines changed

articles/app-service/environment/app-service-app-service-environment-intro.md

Lines changed: 1 addition & 1 deletion
@@ -44,7 +44,7 @@ All of the compute resources in an App Service Environment are dedicated exclusi
4444

4545
An App Service Environment is composed of a front-end compute resource pool, as well as one to three worker compute resource pools.
4646

47-
The front-end pool contains compute resources responsible for SSL termination as well automatic load balancing of app requests within an App Service Environment.
47+
The front-end pool contains compute resources responsible for TLS termination as well automatic load balancing of app requests within an App Service Environment.
4848

4949
Each worker pool contains compute resources allocated to [App Service Plans][AppServicePlan], which in turn contain one or more Azure App Service apps. Since there can be up to three different worker pools in an App Service Environment, you have the flexibility to choose different compute resources for each worker pool.
5050
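Review bot: The replaced line 47 still reads "TLS termination as well automatic load balancing", which is missing a word. Since this line is already being changed, make it "TLS termination as well as automatic load balancing" in the same commit.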

articles/app-service/environment/app-service-web-configure-an-app-service-environment.md

Lines changed: 2 additions & 2 deletions
@@ -125,7 +125,7 @@ Within the ASE blade, there is a **Settings** section that contains several impo
125125

126126
![Settings blade and Properties][4]
127127

128-
**Settings** > **IP Addresses**: When you create an IP Secure Sockets Layer (SSL) app in your ASE, you need an IP SSL address. In order to obtain one, your ASE needs IP SSL addresses that it owns that can be allocated. When an ASE is created, it has one IP SSL address for this purpose, but you can add more. There is a charge for additional IP SSL addresses, as shown in [App Service pricing][AppServicePricing] (in the section on SSL connections). The additional price is the IP SSL price.
128+
**Settings** > **IP Addresses**: When you create an IP Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), app in your ASE, you need an IP TLS address. In order to obtain one, your ASE needs IP TLS addresses that it owns that can be allocated. When an ASE is created, it has one IP TLS address for this purpose, but you can add more. There is a charge for additional IP TLS addresses, as shown in [App Service pricing][AppServicePricing] (in the section on TLS connections). The additional price is the IP TLS price.
129129

130130
**Settings** > **Front End Pool** / **Worker Pools**: Each of these resource pool blades offers the ability to see information only on that resource pool, in addition to providing controls to fully scale that resource pool.
131131
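Review bot: In the new line 128, the appositive "previously known as Secure Sockets Layer (SSL)" sits between "IP Transport Layer Security (TLS)" and "app", so the sentence reads as if the app was renamed rather than the protocol. Suggest keeping the opening short ("When you create an IP TLS app in your ASE, you need an IP TLS address.") and giving the SSL expansion its own sentence. The same line now points readers to "the section on TLS connections" on the App Service pricing page; that page is not part of this change, so confirm its heading actually uses that wording or leave the reference as it was.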

@@ -136,7 +136,7 @@ The base blade for each resource pool provides a chart with metrics for that res
136136
### Portal scale capabilities
137137
There are three scale operations:
138138

139-
* Changing the number of IP addresses in the ASE that are available for IP SSL usage.
139+
* Changing the number of IP addresses in the ASE that are available for IP TLS usage.
140140
* Changing the size of the compute resource that is used in a resource pool.
141141
* Changing the number of compute resources that are used in a resource pool, either manually or through autoscaling.
142142

articles/app-service/environment/app-service-web-how-to-create-an-app-service-environment.md

Lines changed: 2 additions & 2 deletions
@@ -41,7 +41,7 @@ To create an App Service Environment v1, you can search the Azure Marketplace fo
4141
3. Select or specify a new resource group. The resource group used for your ASE must be the same that is used for your VNet. If you select a pre-existing VNet, the resource group selection for your ASE will be updated to reflect that of your VNet.
4242

4343
![][2]
44-
4. Make your Virtual Network and Location selections. You can choose to create a new VNet or select a pre-existing VNet. If you select a new VNet then you can specify a name and location. The new VNet will have the address range 192.168.250.0/23 and a subnet named **default** that is defined as 192.168.250.0/24. You can also simply select a pre-existing Classic or Resource Manager VNet. The VIP Type selection determines if your ASE can be directly accessed from the internet (External) or if it uses an Internal Load Balancer (ILB). To learn more about them read [Using an Internal Load Balancer with an App Service Environment][ILBASE]. If you select a VIP type of External then you can select how many external IP addresses the system is created with for IPSSL purposes. If you select Internal then you need to specify the subdomain that your ASE will use. ASEs can be deployed into virtual networks that use *either* public address ranges, *or* RFC1918 address spaces (i.e. private addresses). In order to use a virtual network with a public address range, you will need to create the VNet ahead of time. When you select a pre-existing VNet you will need to create a new subnet during ASE creation. **You cannot use a pre-created subnet in the portal. You can create an ASE with a pre-existing subnet if you create your ASE using a resource manager template.** To create an ASE from a template use the information here, [Creating an App Service Environment from template][ILBAseTemplate] and here, [Creating an ILB App Service Environment from template][ASEfromTemplate].
44+
4. Make your Virtual Network and Location selections. You can choose to create a new VNet or select a pre-existing VNet. If you select a new VNet then you can specify a name and location. The new VNet will have the address range 192.168.250.0/23 and a subnet named **default** that is defined as 192.168.250.0/24. You can also simply select a pre-existing Classic or Resource Manager VNet. The VIP Type selection determines if your ASE can be directly accessed from the internet (External) or if it uses an Internal Load Balancer (ILB). To learn more about them read [Using an Internal Load Balancer with an App Service Environment][ILBASE]. If you select a VIP type of External then you can select how many external IP addresses the system is created with for IP TLS purposes. If you select Internal then you need to specify the subdomain that your ASE will use. ASEs can be deployed into virtual networks that use *either* public address ranges, *or* RFC1918 address spaces (i.e. private addresses). In order to use a virtual network with a public address range, you will need to create the VNet ahead of time. When you select a pre-existing VNet you will need to create a new subnet during ASE creation. **You cannot use a pre-created subnet in the portal. You can create an ASE with a pre-existing subnet if you create your ASE using a resource manager template.** To create an ASE from a template use the information here, [Creating an App Service Environment from template][ILBAseTemplate] and here, [Creating an ILB App Service Environment from template][ASEfromTemplate].
4545

4646
### Details
4747
An ASE is created with 2 Front Ends and 2 Workers. The Front Ends act as the HTTP/HTTPS endpoints and send traffic to the Workers which are the roles that host your apps. You can adjust the quantity after ASE creation and can even set up autoscale rules on these resource pools. For more details around manual scaling, management and monitoring of an App Service Environment go here: [How to configure an App Service Environment][ASEConfig]
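Review bot: Step 4 now says "for IP TLS purposes", while create-external-ase.md in this same commit describes the same **VIP Type** selection as "for IP-based TLS purposes", and certificates.md also uses "IP-based TLS". Pick one form for the feature name and use it across all the touched files, so a reader searching for the term finds every occurrence.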
@@ -53,7 +53,7 @@ After ASE creation you can adjust:
5353

5454
* Quantity of Front Ends (minimum: 2)
5555
* Quantity of Workers (minimum: 2)
56-
* Quantity of IP addresses available for IP SSL
56+
* Quantity of IP addresses available for IP TLS
5757
* Compute resource sizes used by the Front Ends or Workers (Front End minimum size is P2)
5858

5959
There are more details around manual scaling, management and monitoring of App Service Environments here: [How to configure an App Service Environment][ASEConfig]

articles/app-service/environment/certificates.md

Lines changed: 3 additions & 3 deletions
@@ -18,7 +18,7 @@ The ASE is a single tenant system. Because it is single tenant, there are some f
1818

1919
## ILB ASE certificates
2020

21-
If you are using an External ASE, then your apps are reached at [appname].[asename].p.azurewebsites.net. By default all ASEs, even ILB ASEs, are created with certificates that follow that format. When you have an ILB ASE, the apps are reached based on the domain name that you specify when creating the ILB ASE. In order for the apps to support SSL, you need to upload certificates. Obtain a valid SSL certificate by using internal certificate authorities, purchasing a certificate from an external issuer, or using a self-signed certificate.
21+
If you are using an External ASE, then your apps are reached at [appname].[asename].p.azurewebsites.net. By default all ASEs, even ILB ASEs, are created with certificates that follow that format. When you have an ILB ASE, the apps are reached based on the domain name that you specify when creating the ILB ASE. In order for the apps to support TLS, you need to upload certificates. Obtain a valid TLS/SSL certificate by using internal certificate authorities, purchasing a certificate from an external issuer, or using a self-signed certificate.
2222

2323
There are two options for configuring certificates with your ILB ASE. You can set a wildcard default certificate for the ILB ASE or set certificates on the individual web apps in the ASE. Regardless of the choice you make, the following certificate attributes must be configured properly:
2424
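Review bot: The new line 21 uses two different replacements for "SSL" in adjacent sentences: "support TLS" and then "a valid TLS/SSL certificate". If "TLS/SSL certificate" is the intended form for certificates, say so once and apply it consistently; otherwise use "TLS certificate" here to match the rest of the commit.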

@@ -51,10 +51,10 @@ When creating a self signed cert, you will need to ensure the subject name has t
5151
Apps that are hosted in an ASE can use the app-centric certificate features that are available in the multi-tenant App Service. Those features include:
5252

5353
- SNI certificates
54-
- IP-based SSL, which is only supported with an External ASE. An ILB ASE does not support IP-based SSL.
54+
- IP-based TLS, which is only supported with an External ASE. An ILB ASE does not support IP-based TLS.
5555
- KeyVault hosted certificates
5656

57-
The instructions for uploading and managing those certificates are available in [Add an SSL certificate in Azure App Service](../configure-ssl-certificate.md). If you are simply configuring certificates to match a custom domain name that you have assigned to your web app, then those instructions will suffice. If you are uploading the certificate for an ILB ASE web app with the default domain name, then specify the scm site in the SAN of the certificate as noted earlier.
57+
The instructions for uploading and managing those certificates are available in [Add a TLS/SSL certificate in Azure App Service](../configure-ssl-certificate.md). If you are simply configuring certificates to match a custom domain name that you have assigned to your web app, then those instructions will suffice. If you are uploading the certificate for an ILB ASE web app with the default domain name, then specify the scm site in the SAN of the certificate as noted earlier.
5858

5959
## TLS settings
6060
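Review bot: On the new line 57 the link text becomes "Add a TLS/SSL certificate in Azure App Service" while the target stays `../configure-ssl-certificate.md`. The link text should match the title of the target article, which is not shown in this diff, so check that the target's title was updated to the same wording before merging; otherwise the link text and the page it lands on will disagree.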

articles/app-service/environment/create-external-ase.md

Lines changed: 1 addition & 1 deletion
@@ -155,7 +155,7 @@ If you create an ASE standalone, it has nothing in it. An empty ASE still incurs
155155

156156
* The new VNet has the address range 192.168.250.0/23 and a subnet named default. The subnet is defined as 192.168.250.0/24. You can only select a Resource Manager VNet. The **VIP Type** selection determines if your ASE can be directly accessed from the internet (External) or if it uses an ILB. To learn more about these options, see [Create and use an internal load balancer with an App Service environment][MakeILBASE].
157157

158-
* If you select **External** for the **VIP Type**, you can select how many external IP addresses the system is created with for IP-based SSL purposes.
158+
* If you select **External** for the **VIP Type**, you can select how many external IP addresses the system is created with for IP-based TLS purposes.
159159

160160
* If you select **Internal** for the **VIP Type**, you must specify the domain that your ASE uses. You can deploy an ASE into a VNet that uses public or private address ranges. To use a VNet with a public address range, you need to create the VNet ahead of time.
161161
