Use custom domains & SSL in SaaS solution in Azure Web App

Question

Currently we are planning to provide a SaaS solution with subdomains that will be hosted in Azure as App Service. Currently we have the following CNAME mapping in the DNS provider and it is perfectly working for all subdomains. Also mapped the domain in the Azure App Service.

CNAME *.contoso.com contoso.azurewebsites.net

Also, we are planning to add support for using customer's own domains. For example, domain-a.com is the customer's domain and it will point to domain1.contoso.com. This is working fine, if we do the following manually/automatically.

domain-a.com -> domain1.contoso.com (Customer will add the following mapping in their DNS and I've to add this domain in Azure App Service)

I've the following questions.

1. Is it possible to provide support for this, without adding the customer's domain in Azure App Service?
2. How to provide support for SSL for customer's domain?

Answer 1

Is it possible to provide support for this, without adding the customer's domain in Azure App Service?

In order for the App Service to serve requests to your customer's domain, you need to bind the custom domain name to your App Service. Either by pointing an A or CNAME record to your App Service. If you don't, it just won't work.

However, if you place an Azure Web Application Firewall or other type of Application firewall in front of your App Service, you don't need to configure the domain name on the App Service. But then you still need to configure the domains on the firewall, so you don't get away with configuring the domains somewhere in your Azure infrastructure.

How to provide support for SSL for customer's domain?

I guess your clients, who probably own their domain name, would request a certificate with a certificate provider. After they get it they can hand it over to you. Or you can do it on behalf of the client, and offer this as a service to your clients.

Alternatively, you can use the service Let's Encrypt, which offers free SSL certificates. But more importantly, the process of requesting, configuring and renewing these certificates is done automatically for the most part. There's an Azure App Service extension for Let's Encrypt that allows you to use Let's Encrypt. I believe it's in beta. But I've used it and works fine. This article also explains in detail what you need to do to setup the extension.