When hosting any web-based platform, especially customer-facing portals like Power Pages, ensuring secure data transmission is non-negotiable. This is achieved through HTTPS, which uses SSL/TLS encryption. Power Pages provides a streamlined and secure way to enable HTTPS using Azure Front Door, offering automatic SSL certificate provisioning and renewal.
This guide explains how to enable HTTPS and SSL for your Power Pages custom domain, step-by-step, including the technical considerations, best practices, and common issues.
1. What is HTTPS and Why It Matters
HTTPS (HyperText Transfer Protocol Secure) encrypts the data transmitted between a user’s browser and your Power Pages site using SSL (Secure Socket Layer) or more commonly now, TLS (Transport Layer Security).
Benefits:
- Encrypts form submissions and personal data
- Ensures data integrity
- Increases customer trust
- Improves SEO rankings (Google favors HTTPS sites)
- Required for modern browser features like geolocation, service workers, etc.
2. How SSL Works in Power Pages
Power Pages uses Azure Front Door as its delivery network and automatically provisions SSL certificates using Azure-managed certificates once a custom domain is linked.
Power Pages currently does not support manual uploading of custom certificates directly in the Power Platform Admin Center. Instead, it handles SSL provisioning automatically.
3. Pre-requisites Before Enabling HTTPS
- You must already have:
- A Power Pages site deployed
- A custom domain added and verified
- CNAME DNS record pointing your domain to the Azure Front Door URL
- Domain should be active and resolvable on the internet
4. Step-by-Step: Enabling HTTPS for Power Pages
Step 1: Verify Custom Domain
- Go to: Power Platform Admin Center
- Select your environment
- Click on Resources > Power Pages sites
- Choose your site
- Navigate to the Custom Domains tab
- Ensure your custom domain shows a status of Verified
Step 2: CNAME Setup
You must have configured your domain DNS with:
- CNAME record pointing to
yourportalname.region.portal.azurefd.net - This must be set at your DNS provider (e.g., GoDaddy, Cloudflare)
Step 3: Automatic SSL Certificate Provisioning
- Once CNAME is set and verified, Microsoft automatically starts the SSL provisioning process
- You don’t need to upload or buy an SSL certificate
- A certificate will be issued by Microsoft (typically DigiCert or Let’s Encrypt under the hood)
- This process can take 15 minutes to a few hours
Step 4: HTTPS Status Confirmation
- In the Admin Center > Custom Domains tab:
- The status will change from Pending to Secure
- A green padlock icon will appear next to the domain
- Test the URL in your browser with https://yourdomain.com
- If configured correctly, the browser will show “Secure” with a lock icon
5. Behind the Scenes: Azure Front Door and SSL
Power Pages uses Azure Front Door as the content delivery layer, which:
- Manages global traffic
- Handles SSL termination
- Ensures low latency and high availability
- Manages certificate lifecycle:
- Automatic issuance
- Automatic renewal
- Key rotation and security compliance
6. Forced HTTPS Redirection
Power Pages automatically redirects users to HTTPS if they try to visit the site via HTTP.
However:
If you manage additional domains or subdomains externally, ensure those also redirect to HTTPS at your DNS or hosting provider level.
7. Renewals and Expiration
You don’t need to worry about certificate renewals:
- Azure-managed certificates are auto-renewed 30 days before expiry
- You’ll never need to manually intervene unless:
- The CNAME is deleted or changed
- The domain is moved to another tenant without proper configuration
8. Common Troubleshooting Issues
| Issue | Resolution |
|---|---|
| HTTPS not enabled after 1 hour | Check if CNAME is correctly pointing to the front door domain |
| Certificate shows as invalid | Clear cache, use incognito mode, or flush DNS |
| Mixed content warning | Ensure all links and resources on the page use HTTPS |
| Domain stuck at “Pending” | Re-verify TXT and CNAME DNS records for proper resolution |
Use https://www.ssllabs.com/ssltest/ to test the certificate’s validity and grade.
9. Best Practices
- Always use HTTPS links in content (images, CSS, JS)
- Avoid embedding insecure third-party resources (HTTP)
- Enable HSTS (HTTP Strict Transport Security) headers if needed
- Educate content creators to never use full HTTP links when embedding