Top / Microsoft Azure / Azure App Service (Web Apps) / Public Certificate

Azure App Service (Web Apps) Public Certificate

This page shows how to write Terraform and Azure Resource Manager for App Service (Web Apps) Public Certificate and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_app_service_public_certificate (Terraform)

The Public Certificate in App Service (Web Apps) can be configured in Terraform with the resource name azurerm_app_service_public_certificate. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • app_service_name - (Required) The name of the App Service. Changing this forces a new App Service Public Certificate to be created.

  • resource_group_name - (Required) The name of the Resource Group where the App Service Public Certificate should exist. Changing this forces a new App Service Public Certificate to be created.

  • certificate_name - (Required) The name of the public certificate. Changing this forces a new App Service Public Certificate to be created.

  • certificate_location - (Required) The location of the certificate. Possible values are CurrentUserMy, LocalMachineMy and Unknown.

  • blob - (Required) The base64-encoded contents of the certificate. Changing this forces a new App Service Public Certificate to be created.

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the App Service Public Certificate.

  • thumbprint - The thumbprint of the public certificate.

>> from Terraform Registry

Explanation in Terraform Registry

Manages an App Service Public Certificate.

>> from Terraform Registry

Tips: Best Practices for The Other Azure App Service (Web Apps) Resources

In addition to the azurerm_app_service, Azure App Service (Web Apps) has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_app_service

Ensure your App Service is accessible via HTTPS only

It is better to configure the App Service to be accessible via HTTPS only. By default, both HTTP and HTTPS are available.

risk-label

azurerm_function_app

Ensure to enable authentication to prevent anonymous request being accepted

It is better to enable authentication to prevent anonymous requests and ensure all communications in the application are authenticated.

Review your Azure App Service (Web Apps) settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Web/sites/publicCertificates (Azure Resource Manager)

The sites/publicCertificates in Microsoft.Web can be configured in Azure Resource Manager with the resource name Microsoft.Web/sites/publicCertificates. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

Template.json#L206
            "type": "Microsoft.Web/sites/publicCertificates"
        },
        {
            "name": "[concat(variables('interactiveMtlsAppServiceName'), '/', variables('sithsRootCertificateName'))]",
            "apiVersion": "[variables('apiVersion')]",
            "dependsOn": [
publiccertificates.json#L3
  "type": "Microsoft.Web/sites/publicCertificates",
  "apiVersion": "2018-11-01",
  "kind": "string",
  "properties": {
    "blob": [
      "integer"
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }
azuredeploy.json#L31
        "type": "Microsoft.Web/sites/publicCertificates",
        "location": "[resourceGroup().location]",
        "properties": {
            "publicCertificateLocation": "[parameters('publicCertificateLocation')]",
            "blob": "[parameters('blob')]"
        }

Parameters

  • apiVersion required - string
  • kind optional - string

    Kind of resource.

  • name required - string

    Public certificate name.

  • properties required
      • blob optional - string

        Public Certificate byte array

      • publicCertificateLocation optional - string

        Public Certificate Location.

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure App Service (Web Apps) Resources

Frequently asked questions

What is Azure App Service (Web Apps) Public Certificate?

Azure App Service (Web Apps) Public Certificate is a resource for App Service (Web Apps) of Microsoft Azure. Settings can be wrote in Terraform.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents