I have been using the new Windows Azure Websites preview to build a site for a customer. I recently deployed this site, and moved it to a reserved instance so that I could configure a custom domain for the site as required by the customer. So far so good.

My next step is to secure the site using an SSL certificate. I have searched long and hard on the azure website (as well as stackoverflow) but have not been able to locate any information on how to configure an SSL cert for a reserved website instance.

I have seen many examples of doing this with a web role (cloud service) but not for a reserved website.

Does anyone know if this is currently possible? Or is this perhaps one of the reasons why azure websites are still in a preview mode?

Update: Found a post on the Azure Forum indicating that this is not possible in the current release, but is coming soon in a future release. http://social.msdn.microsoft.com/Forums/en-US/windowsazurewebsitespreview/thread/4bf975e7-56c0-4a4d-bb6a-b9b82f0da469

I did a quick google and found this link. It has some useful information.

Thanks to @twomm here is a TLDR of the situation:

just to keep everybody from clicking through, this is the current state there: "We are shooting for April or May for this feature"

As of 3, June 2013 Azure Web Sites now supports SSL for custom domains for reserved web sites according to Azure Pricing Details Page.

Two type of SSL connections are supported.

1 - Server Name Indication (SNI) SSL connections which works on modern browsers.

2 - IP-based SSL which works on all browsers.

Currently Azure supports shared SSL certificate only. Custom SSL certificates aren't supported yet, however Microsoft is planning to introduce them very soon.

With shared security you can access the same https site with https.

I see that this post and the answers are from a couple years ago. Now that it is possible to add an SSL certificate to Azure for a custom domain, I thought it would be useful to post a full solution here.

The MSDN blog post that I have followed to install a GoDaddy certificate on Windows Azure site is Avkash Chauhan's Complete Solution: Adding SSL Certificate with Windows Azure Application . He doesn't detail the Certificate Authority part, but I added steps below referring to how it is done on GoDaddy. His blog and another he links to have great detail about the whole rest of the process. My summary of all the steps is:

1. Purchase your SSL credit at GoDaddy
2. Use the credit to create or renew your SSL Certificate on GoDaddy. As part of the creation process, GoDaddy will ask you for your Certificate Signing Request (CSR). The CSR should be created on your LOCAL IIS server, as follows
3. In your local IIS 7 Manager, go to Server Certificates and choose Create Certificate Request... on the right. This is where you specify your domain name and details, including the encryption strength. Choose 2048-bit or higher. And RSA as the Cryptographic Provider
4. Once the CSR file is created, paste the contents into the GoDaddy creation form. It will take 5 to 10 minutes for the certificate creation to complete.
5. Download the certificate as a .zip file and save to your computer
6. Go to IIS 7 Manager again and choose Complete Certificate Request... It will ask you to browse to a *.cer file. Actually, you should use the . filter and browse to the *.crt file that was in your .zip file. Give it a friendly name like MyDomainSSL2015
7. Now that the certificate is created, highlight it and choose Export to export it to a .pfx file. At this point you will also give the exported file a password.
8. (The next few steps come from another MSDN post by William Bellamy, linked to in the other post I referenced) Log in to Windows Azure, go to Manage the service where you want to install the certificate, and choose Certificates tab
9. Click "Upload" at the bottom. It will ask you to browse to your .pfx file and enter the password that you created
10. Now that your certificate is uploaded to Azure, you still must specify that you want your Role to use it. This can be done in Visual Studio. So open your Visual Studio project
11. Right click on your role and choose Properties. Go to the Certificates tab
12. Click Add Certificate. A new line will be created in the grid. Make sure that LocalMachine is selected for the Store Location and CA for Store Name (though My seems to work too).
13. Click the ellipses in the Thumbprint column. This will show you a list of all your local certificates. Choose the one with the Friendly Name that you created earlier
14. Go to the Endpoints tab. For your HTTPS Endpoint, choose the SSL Certificate Name that you just added.
15. Publish your role

That's it. Again, the two blogs I referenced have some more detail and some screen shots, though some of the screen shots are outdated.