Create documentation on how to create a PFX file for App Service
There is no documentation on how to create a PFX file for App Service.
Many people want official Microsoft documentation on the process.
Could you create documentation on how to create a PFX file for App Service?
Please consider our proposal.
Your inability to acquire valid search results does not mean that the documentation is nonexistent. Moreover, your request is rather vague.
Use community sites like https://serverfault.com if you have specific questions about concepts or implementation. However, most contributors will expect you to make an honest effort; they will not "do your homework" for you.
A PFX is a type of container for certificates and optionally private key material. Certificates can be used for a variety of purposes. I strongly recommend that you take the time to learn the core concepts of Public Key Infrastructure (PKI) before you start creating certificates. The up-front time you spend now will save you future head-desks.
To get you started, PKI is based on chains of trust. A certificate authority (CA) signs (issues) certificates. Each certificate is chained to a list of any number of intermediate (also called subordinate) CA's up to a root CA. A computer only trusts a certificate if it trusts the issuer.
There are public CA's like Microsoft, VeriSign, Thawte, GoDaddy, etc. You can also create your own private one for internal use. If you need to create internal PKI, there are two de facto standards. If you have access to Windows Server licensing, you can use Active Directory Certificate Services. Otherwise, you can use OpenSSL.
HTTPS (for web server authentication) requires that the server deliver the full chain to connecting clients. Other uses of certificates vary in their requirements for that. Assuming you are trying to configure client certificate authentication, you need to ensure that the App Service can validate those client certificates by supplying the root CA's certificate and potentially all intermediates. Client certificate authentication requires not only that the web server trusts the client certificate but also that it was signed by only specific issuers. Doing so excludes those issued by trusted third parties that are irrelevant to the scope of the application. If you are configuring an Azure App Service for client certificate authentication, be aware that there are deficits when it comes to using an Azure Application Gateway (for high availability). However, refer to the following link: