How to use a Cloudflare origin certificate on an Azure App



  • I am assuming that you followed my guide to Setup a Cloudflare Origin Certificate.

    1. Log on to a Linux based system of any type.
      • If you like annoying, and you might since you are using Azure, feel free to get openssl setup on Windows. Just don't ask me.
    2. Save the origin certificate file as origin.domain.pem.
    3. Save the origin key file as origin.domain.key.
    4. Save the chain file (ECC version) as chain.domain.pem.
      You should end up with this.
    [[email protected] Azure]$ ls -las
    total 24
    4 drwxrwxr-x. 2 jbusch jbusch 4096 Apr 28 23:14 .
    4 drwxrwxr-x. 3 jbusch jbusch 4096 Apr 28 23:10 ..
    4 -rw-rw-r--. 1 jbusch jbusch  939 Apr 28 23:10 chain.bundystl.com.pem
    4 -rw-rw-r--. 1 jbusch jbusch  241 Apr 28 23:11 origin.bundystl.com.key
    4 -rw-rw-r--. 1 jbusch jbusch 1151 Apr 28 23:11 origin.bundystl.com.pem
    
    1. Create the PFX certificate with with a passcode using openssl
    [[email protected] Azure]$ openssl pkcs12 -export -in origin.bundystl.com.pem -inkey origin.bundystl.com.key -out origin.bundystl.com.pfx -certfile chain.bundystl.com.pem
    Enter Export Password: samepasswordtwice
    Verifying - Enter Export Password: samepasswordtwice
    [[email protected] Azure]$ 
    
    1. Add a cname in Cloudflare for your domain pointing to your appservice.azurewebsites.net. Make sure the orange cloud is unchecked for now.
      6d3e6611-ce43-4657-9cec-7394e5cd268e-image.png

    2. Sign in to Azure, go to the App services, click on your app, and then Custom domains.
      cc31f3e7-a2eb-440c-8c33-404110a97288-image.png

    3. Click Add custom domain and put in the domain in the box and click validate.
      8492a78b-1a52-40c5-9087-6f74c5918d96-image.png

    4. Wait a moment while it checks for hte DNS record, and then click the Add custom domain box above the two green checks ✅.

    5. Click Add binding on the prior panel.
      8fd6acf7-1868-4925-8cfc-a29faa61f93c-image.png

    6. Click the Upload PFX Certificate button.
      497c4af7-18a4-467d-a573-cf4d57aec373-image.png

    7. Browse to the file and enter the password, then click upload.
      Save it off the Linux machine if you need to back to your desktop.
      8e6d35fe-da8d-446d-8864-08fd7a557edc-image.png

    8. It will upload and thn you have to choose the certificate and type. Each box only has one option.
      12bc2cdd-dee7-4e34-93d5-d1925fa89ea5-image.png

    9. Choose the only options and click Add Binding at the bottom.
      1c3ac554-f6c5-405e-aef2-d03d0e87ea0b-image.png

    10. You will see the new domain showing and have the secure check mark.
      b61f80b3-f12f-410c-b4f5-f274177d8de5-image.png

    11. Go back over to Cloudflare and turn on the orange cloud.
      ac6e7387-d849-4123-9d6a-3a6e1c725915-image.png

    12. Optionally, this depends on the other DNS entries you have with the orange cloud all having valid SSL, you can enable Strict SSL.
      80e4da4f-fb9e-4672-af2d-043827ed1a26-image.png