Get free HTTPS certificate – to make Universal Links (deep-linking) work on iOS 9

Note: In this blog post I show how to load a certificate from StartCom into Azure. They’ve subsequently had some pretty serious issues related to WoSign and I would not recommend getting a StartSSL certificate any more. Instead, I got it setup on my site, in an even better an automated way, by following this guide. The official guide miss some stuff which this guide explains better. So use a combination of the two and you are in for a win.

——————— Below is obsolete ————————–

I recently had to support HTTPS on my domain, as it is needed when you want to use Universal Links on iOS.

I’m not going to go through how to setup Universal Links in the app, as many others have already wrong good articles about that.

What I want to go through, is how to get a certificate so you can run HTTPS on your website, as this is required.
The way to tell Apple that you own the website you want to use for Universal Links, it to put a apple-app-site-association  in the root of your domain. And that file need to be accessible via HTTPS – and this is where I realised I needed HTTPS on my website.
You can read more about Universal Links here, as it’s not covered in this post.

All this HTTPS is something Apple is pretty seriously about, as they will require it for all web request from iOS apps by the end of 2016. So very soon, a lot of developers, will have to support HTTPS on their website/webapis.

The Problem: HTTPS is expensive

One of the problems, that I don’t see many others talk about, is that HTTPS is pretty expensive. At least if you are a single developer, with multiple free apps in AppStore. Of cause the prices varies, but still we talk around 100$ a year, pr. domain, and like 300$ per year, if you want a wildcard certificate, which works for *

Therefore I needed to find a cheap, and even better, free, HTTPS certificate solution that would also work on Azure, which I’m using to host my websites and webapis.

I ended up finding a solution that works and are free. It doesn’t support wildcard, but it supports up to 5 domains/subdomains in one certificate, which were find for me. I needed 3,,,

1. Create user on provides free certificates, so create a user on the site. I did it on Windows in Internet Explorer (not Edge), as it should be easier later on, because its easier to get to the .pfx file you need for Azure.

The signup and login process is a little different than what you normally see on websites, but it’s due to the fact that they base there login on an installed certificate on your machine. I’m not a security expert, so this might be wrong :)

2. Validate your domain

Once you are logged in, you need to validate the domain you need to certificate to work for. Note here, that it’s the bare domain you need to put in, ex. Not or the like.


You can either validate by email or by uploading an .html file. I used the .html solution, as I don’t have any email setup on my domain, and it worked perfectly. Remember to put the file in the root of your site :)

After this, you should see something like this to the right on the site.


3. Create certificate

Click the “Certificate Wizard” tab and choose you want a Website certificate.


As you see here, I’m able to put in the main domain, and two subdomains, into the same certificate.

As seen in the bottom, it tells you how to get a hold of the .pfx file that you actually need to upload to Azure.

So fill this out, and press the Submit button. Your Internet Explorer will ask you a few times, if is allowed to install the certificate on your machine. If you don’t say yes, to that, I’m pretty sure it won’t work.

Then follow the guide in the bottom of the above screenshot, so you have your .pfx file on your harddrive.

You are very close to running HTTPS in Azure now!

4. Upload and setup certificate on Azure

In the Azure portal, browse to the website you want to run HTTPS.

Under Settings, find the “Custom domain and SSL”.


Under the “More…” in the top, you can choose “Upload certificate”. Here you upload the .pfx file and provide the password you have been asked to create earlier on, when creating the certificate.

Now all you need to do, it so setup the SSL Bindings and then you should be up and running, after pressing the Save button of cause.

Happy secure browsing, and Universal Linking :)

Source: I was originally following this  guide, but it was a little out dated. I list it here, to give credits to the author of that blogpost and you might be able to find details you didn’t find in my blogpost.

Azure Website – The page cannot be displayed because an internal server error has occurred

Tonight I had some problems with an old .NET 2.0 site that I wanted to move from my old host to Azure Website. I did not want to change anything on the site, I just wanted it to run on Azure.

So I created a Azure Website for it and uploaded all the files via FTP – no problems of cause. I then hit the site and got some pretty useless windows errors:

“The page cannot be displayed because an internal server error has occurred.”

As a .NET developer I of cause tried to set CustomErrors=”Off” in Web.config, as the first thing, but that did not change anything.

I googled it with Bing (Scott Hanselman joke), and found that I was not the only one who found this error message useless, so I found a solution.

I enabled diagnostics in Azure Portal on the Website under the Configuration tab, scroll to the bottom. And set both application and site diagnostics on and to Verbose, see screen below.
It is important to turn on the Detailed Errors Messages.

Screen Shot 2014-12-28 at 23.33.20


After enabling some diagnostics, save and restart the website, just to be sure.

I then hit the website sometimes and went into the SCM for the site.

I do not think there is a link to this inside the Azure Portal currently (december 2014), so you just browse to your site and put in this little .scm.

In here you can do a lot of things, but what you want to do here is: Tools -> Diagnostics Dump.

This will give you a .zip file. Browse to LogFiles->DetailedErrors and here you should see some error pages.

I looked into some of these and could see the same error on all of them. Basically it said:

“An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.”

In my case, I did not want to change anything on the actually site, I just needed it to run. So I went into the Configuration tab and changed from Integrated Mode to Classic – Bum! – site was running on Azure!

Hope this helps somebody out there.