Since the beginning, the Azure CDN has allowed custom domains to be mapped so you can use your own domain name instead of the default Azure CDN endpoint domain name, such as one at “*.azureedge.net”. However, until recently you couldn’t enable SSL encryption support for a custom domain mapped to the Azure CDN endpoint. In a recent update to the Azure CDN service, Microsoft has finally added the ability to enable SSL / TLS on an Azure CDN Custom Domain name.
Enable Custom Domain with SSL / TLS
Step 1: Once you have an Azure CDN Endpoint mapped to share content, you need to add a Custom Domain to the CDN Endpoint. This can be done by navigating to the CDN Endpoint blade within the Azure Portal, then clicking on the +Custom domain button.
Step 2: Create a DNS CNAME record with your DNS service that maps your Custom Domain to the Azure CDN Endpoint hostname.
Step 3: Configure the Azure CDN Endpoint to use the Custom Domain that’s been mapped to the CDN Endpoint.
Step 4: Once the Custom Domain has been added, navigate to the list of Custom Domains for the Azure CDN Endpoint, then click on the Custom Domain you wish to enable SSL on.
Step 5: Toggle the Custom domain HTTPS setting to On and save the change.
Step 6: Verify the Domain, then wait until Azure automatically provisions an SSL / TLS certificate for the Custom Domain.
Step 7: Start using your Azure CDN Endpoint with Custom Domain and SSL / TLS enabled.
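A check for Steps 6 and 7, as an added example that is not part of the original post: it classifies the certificate served on the custom domain so you can tell when the Azure-provisioned certificate is in place and alert before it lapses. The hostname cdn.example.com, the 14-day threshold and both sample certificates are constructed assumptions.

```python
import socket
import ssl
import time

# Constructed getpeercert()-style samples, not captured from a real endpoint.
DEFAULT_CERT = {"subjectAltName": (("DNS", "*.azureedge.net"),),
                "notAfter": "Jun  1 00:00:00 2030 GMT"}
MANAGED_CERT = {"subjectAltName": (("DNS", "cdn.example.com"),),
                "notAfter": "Jun  1 00:00:00 2030 GMT"}

def san_covers(hostname, cert):
    """True if a DNS subjectAltName entry matches hostname."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        pattern = value.lower()
        if kind != "DNS":
            continue
        if pattern == host:
            return True
        # A wildcard stands for exactly one left-most label.
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def days_left(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)

def assess(hostname, cert, now=None, min_days=14):
    """Classify the certificate served for the custom domain."""
    if not san_covers(hostname, cert):
        return "MISMATCH"      # certificate does not name the custom domain
    remaining = days_left(cert, now)
    if remaining < 0:
        return "EXPIRED"
    return "RENEWAL_DUE" if remaining < min_days else "OK"

def fetch_cert(hostname, port=443, timeout=5.0):
    """Fetch the leaf certificate; the chain is validated, the name is not,
    so that a name mismatch is reported by assess() instead of raised."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("May  1 00:00:00 2030 GMT")
    for cert in (DEFAULT_CERT, MANAGED_CERT):
        print(assess("cdn.example.com", cert, now))
```

Against a live endpoint, pass the result of fetch_cert() for your own custom domain to assess().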
The Azure CDN Custom Domain with SSL / TLS support (via HTTPS endpoint) has a couple of features that are worth highlighting. Here’s the short list of these features:
No Additional Cost – There is zero additional cost associated with enabling SSL / TLS (via HTTPS endpoint) for an Azure CDN Custom Domain. The certificate acquisition and renewal are handled by Azure with zero cost to you.
Simple Enablement – As you can see from the steps above, enabling SSL / TLS encryption on an Azure CDN Custom Domain is extremely easy to do.
Automatic Certificate Management – Everything from acquiring the certificate to managing renewals is completely managed for you and handled in Azure as part of the platform. This couldn’t be easier, and it also removes, without any manual intervention on your part, the risk of service interruptions caused by certificate expiration. Azure just handles it for you!
There really is only a single requirement that is worth noting in addition to the above information. In order to set up Custom Domains with SSL / TLS (via HTTPS endpoint) on an Azure CDN Endpoint, you will need to provision your Azure CDN service using one of the Verizon pricing tiers.
The Azure CDN pricing tier for Akamai does NOT support setting up Custom Domains with SSL / TLS (via HTTPS endpoint). If you attempt to enable the “Custom domain HTTPS” feature on an Akamai powered Azure CDN, you will see the following message:
Custom domain HTTPS is not supported for this profile.
In short, you cannot use SSL / TLS with an Azure CDN Custom Domain if you are using the Akamai pricing tier. This feature is only supported with the Verizon pricing tiers.