
Since the beginning, Azure CDN has allowed custom domains to be mapped so you can use your own domain name instead of the default Azure CDN endpoint domain name, such as one under “*.azureedge.net”. However, until recently you couldn’t enable SSL encryption for a custom domain mapped to an Azure CDN endpoint. In a recent update to the Azure CDN service, Microsoft has finally added the ability to enable SSL / TLS on an Azure CDN Custom Domain name.

Enable Custom Domain with SSL / TLS

Step 1: Once you have an Azure CDN Endpoint mapped to share content, you need to add a Custom Domain to the CDN Endpoint. This can be done by navigating to the CDN Endpoint blade within the Azure Portal, then clicking on the +Custom domain button.

Step 2: Create a DNS CNAME record with your DNS service that maps your Custom Domain to the Azure CDN Endpoint hostname.

Step 3: Configure the Azure CDN Endpoint to use the Custom Domain that’s been mapped to the CDN Endpoint.

Step 4: Once the Custom Domain has been added, navigate to the list of Custom Domains for the Azure CDN Endpoint, then click on the Custom Domain you wish to enable SSL on.

Step 5: Toggle the Custom domain HTTPS setting to On and save the change.

Step 6: Verify the Domain, then wait until Azure automatically provisions an SSL / TLS certificate for the Custom Domain.

Step 7: Start using your Azure CDN Endpoint with Custom Domain and SSL / TLS enabled.
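
A check you can run once Step 7 is reached, as an added example (not code from the original post or from Microsoft): it confirms that the custom domain resolves through an `azureedge.net` endpoint and that the certificate served covers the custom domain and is not close to expiry. The hostnames `cdn.example.com` and `contoso.azureedge.net`, the sample certificate and the 14-day threshold are constructed assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

CDN_SUFFIX = ".azureedge.net"  # default Azure CDN endpoint domain named in the post
# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {"subjectAltName": (("DNS", "cdn.example.com"),),
               "notAfter": "Jun 15 12:00:00 2030 GMT"}


def san_matches(hostname, pattern):
    """Match one DNS SAN entry; a wildcard covers exactly one left-most label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if pat.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pat[2:]
    return host == pat


def check_custom_domain(hostname, dns_names, cert, now, min_days=14):
    """Return a list of problems; an empty list means the domain looks healthy."""
    problems = []
    if not any(n.lower().rstrip(".").endswith(CDN_SUFFIX) for n in dns_names):
        problems.append("CNAME does not point at an %s endpoint" % CDN_SUFFIX)
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(san_matches(hostname, s) for s in sans):
        problems.append("certificate does not cover %s" % hostname)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    expires = datetime.fromtimestamp(not_after, timezone.utc)
    if (expires - now).days < min_days:
        problems.append("certificate expires %s" % expires.date())
    return problems


def probe(hostname, port=443):
    """Live lookup: names seen during resolution plus the validated leaf certificate."""
    # Alias reporting depends on the system resolver.
    canonical, aliases, _ = socket.gethostbyname_ex(hostname)
    ctx = ssl.create_default_context()  # verifies chain and hostname in the handshake
    with socket.create_connection((hostname, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return [canonical] + aliases, tls.getpeercert()


if __name__ == "__main__" and len(sys.argv) > 1:
    names, cert = probe(sys.argv[1])
    now = datetime.now(timezone.utc)
    print(check_custom_domain(sys.argv[1], names, cert, now) or "OK")
```

If `probe` raises `ssl.SSLCertVerificationError`, the endpoint is not yet serving a certificate that is valid for the custom domain.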

Feature Highlights

The Azure CDN Custom Domain with SSL / TLS support (via HTTPS endpoint) has a couple of features that are worth highlighting. Here’s the short list of these features:

No Additional Cost – There is zero additional cost associated with enabling SSL / TLS (via HTTPS endpoint) for an Azure CDN Custom Domain. The certificate acquisition and renewal are handled by Azure with zero cost to you.

Simple Enablement – As you can see from the steps above, enabling SSL / TLS encryption on an Azure CDN Custom Domain is extremely easy to do.

Automatic Certificate Management – Everything from acquiring the certificate to managing renewals is completely managed for you and handled in Azure as part of the platform. This couldn’t be easier, and it also completely removes the risk of service interruptions caused by certificate expiration, with no manual intervention needed. Azure just handles it for you!

Feature Requirements

There really is only a single requirement that is worth noting in addition to the above information. In order to set up Custom Domains with SSL / TLS (via HTTPS endpoint) on an Azure CDN Endpoint, you will need to provision your Azure CDN service using one of the Verizon pricing tiers.

The Azure CDN pricing tier for Akamai does NOT support setting up Custom Domains with SSL / TLS (via HTTPS endpoint). If you attempt to enable the “Custom domain HTTPS” feature on an Akamai-powered Azure CDN, you will see the following message:

Custom domain HTTPS is not supported for this profile.

In short, you cannot use SSL / TLS with an Azure CDN Custom Domain if you are using the Akamai pricing tier. This feature is only supported with the Verizon pricing tiers.

Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.
HashiCorp Ambassador Microsoft Certified Trainer (MCT) Microsoft Certified: Azure Solutions Architect