By default, Azure secures the *.azurewebsites.net wildcard domain with a single SSL certificate. So, when you use the default domain that is generated for your app when you deploy it to Azure App Service, your users will access the app over a secure connection. When you use a custom domain for your app, for instance, az-300.com, you should assign an SSL certificate to it yourself.

You can assign SSL certificates to your app from the Azure portal. To assign a certificate, your app must run in the Standard, Premium, or Isolated App Service plan tiers.

To bind an SSL certificate to PacktWebApp, perform the following steps:

1. Navigate to the Azure portal by opening https://portal.azure.com.
2. Again, go to the PacktWebApp that we've created in the previous section.
3. In the left menu, under Settings, select TLS/SSL Settings. 

4. In the TLS/SSL settings blade, click on Private Key Certificates (.pfx), as follows:

5. Next, click the Upload Certificate button, as follows:

6. Upload the .pfx file from your computer, provide the password, and click Upload, as follows:

7. The certificate is uploaded to Azure and now we have to set the SSL binding to bind it to the domain. Click Bindings in the top menu and then click Add TLS/SSL Binding, as follows:
   

8. To bind the certificate to the domain, you need to specify the following two values:
   • Hostname: Select the hostname from the drop-down list.
   • Private Certificate Thumbprint: Select the uploaded certificate here.
   • SSL Type: Select SNI SSLv.
9. Then, click Add Binding, as follows:

10. If you have a www hostname as well, you should repeat the previous step to bind the same certificate to this.
11. Lastly, we will set one of the protocol settings and switch the website to HTTPS Only. This way, the website can only be accessed using HTTPS and is not accessible using HTTP, as shown in the following screenshot:

We have now covered how to assign an SSL certificate to your app. In the next section, we are going to cover OAuth2.