
Configuring Custom Domains in App Service/Static Web Apps and the Digital Certificate Issuance Process


Introduction

App Service and Static Web Apps serve sites over HTTPS on default domains such as azurewebsites.net or azurestaticapps.net.
In practice, however, you will often need to run a site on App Service or Static Web Apps under an existing domain that is already in operation.
This article explains that procedure by mapping it onto the general digital certificate issuance process.
Please note that the Azure services do not necessarily work exactly this way; the mapping is a conceptual aid for understanding these operations.

Configuring a Custom Domain

First, configure which custom domain you want to use with App Service/Static Web Apps.

For example, in Static Web Apps, you set it here.

Set which domain you want to use on the service side.

In the general digital certificate issuance process, this can be thought of as the step where the CSR (Certificate Signing Request) and private key are generated.

Once that is done, App Service/Static Web Apps instructs you to set specific values for a CNAME record and a TXT record (optional, but strongly recommended for security reasons) to prove that you own the domain you configured.

In the general digital certificate issuance process, this can be thought of as the domain ownership verification step.
Server certificates come in several kinds: those that verify only domain ownership, those that additionally verify the existence of the organization, and EV certificates, whose verification methods are defined by international standards.
The certificates issued by App Service and similar services in this case verify only domain ownership.

Creating DNS Records

Use a CNAME record or an A record to map the custom DNS name to App Service/Static Web Apps.

Verification

Run the verification on the App Service/Static Web Apps side.
If everything is configured correctly, this corresponds to the point in the general authentication process where the Certificate Authority uses its own private key to digitally sign the CSR and create a digital certificate, which is then installed on App Service/Static Web Apps.
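
The DNS side of this procedure can be audited from a zone export. The following is an added example, not code from this article or from Azure, and it covers only the App Service case: it assumes App Service's documented convention of a TXT record named `asuid.<hostname>` holding the custom domain verification ID, and the zone lines, host names and ID are constructed.

```python
# Added example: audit a zone export for App Service custom domains whose
# CNAME exists without the matching ownership TXT record.
# All records and the verification ID below are constructed sample data.
ZONE = """\
www.example.com.        3600 IN CNAME contoso-site.azurewebsites.net.
asuid.www.example.com.  3600 IN TXT   "CONSTRUCTED-VERIFICATION-ID"
shop.example.com.       3600 IN CNAME contoso-shop.azurewebsites.net.
blog.example.com.       3600 IN CNAME other-host.example.net.
asuid.api.example.com.  3600 IN TXT   "WRONG-ID"
api.example.com.        3600 IN CNAME contoso-api.azurewebsites.net.
"""

APP_SERVICE_SUFFIX = ".azurewebsites.net"
TXT_PREFIX = "asuid."  # assumption: App Service's TXT naming convention


def parse_zone(text):
    """Parse 'name ttl IN type value' lines into {(name, type): [values]}."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _ttl, _cls, rtype, value = line.split(None, 4)
        rtype = rtype.upper()
        value = value.strip()
        if rtype == "CNAME":
            value = value.rstrip(".").lower()   # normalise the target host
        else:
            value = value.strip('"')            # TXT payload without quotes
        records.setdefault((name.rstrip(".").lower(), rtype), []).append(value)
    return records


def audit(zone_text, expected_id):
    """Return {hostname: (cname_target, status)} for App Service CNAMEs."""
    records = parse_zone(zone_text)
    report = {}
    for (name, rtype), values in records.items():
        if rtype != "CNAME" or not values[0].endswith(APP_SERVICE_SUFFIX):
            continue
        txt = records.get((TXT_PREFIX + name, "TXT"), [])
        if expected_id in txt:
            status = "verified"       # CNAME plus matching ownership proof
        elif txt:
            status = "txt-mismatch"   # TXT present but for a different ID
        else:
            status = "cname-only"     # mapping exists with no ownership proof
        report[name] = (values[0], status)
    return report
```

Hosts reported as `cname-only` or `txt-mismatch` are the ones to review, since the optional TXT record is what ties the mapping to a specific owner.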

Summary

The general domain certificate issuance process is nothing more than the process of proving that you truly hold ownership of the domain.
For example, as mentioned here, ownership has traditionally been proven by writing a specified string into a DNS record, placing a specified file in a specified location on a web server, or sending an email from a specified address to a specified address.
App Service/Static Web Apps adopt the method of proving domain ownership by requiring you to write a specified string into a DNS record.

https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain?tabs=root%2Cazurecli?WT.mc_id=DT-MVP-5004827
