diff --git a/azurerm/data_source_app_service_certificate.go b/azurerm/data_source_app_service_certificate.go
new file mode 100644
index 000000000000..030c9fec250a
--- /dev/null
+++ b/azurerm/data_source_app_service_certificate.go
@@ -0,0 +1,108 @@
+package azurerm
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceAppServiceCertificate() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAppServiceCertificateRead,
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validate.NoEmptyStrings,
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupNameForDataSource(),
+
+			"location": azure.SchemaLocationForDataSource(),
+
+			"friendly_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"subject_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"host_names": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+
+			"issuer": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"issue_date": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"expiration_date": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"thumbprint": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"tags": tags.Schema(),
+		},
+	}
+}
+
+func dataSourceAppServiceCertificateRead(d *schema.ResourceData, meta interface{}) error {
+	ctx := meta.(*ArmClient).StopContext
+	client := meta.(*ArmClient).web.CertificatesClient
+
+	resourceGroup := d.Get("resource_group_name").(string)
+	name := d.Get("name").(string)
+
+	resp, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			return fmt.Errorf("App Service Certificate %q (Resource Group %q) does not exist!", name, resourceGroup)
+		}
+
+		return fmt.Errorf("Error retrieving App Service Certificate %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	d.SetId(*resp.ID)
+
+	d.Set("name", resp.Name)
+	d.Set("resource_group_name", resourceGroup)
+
+	if location := resp.Location; location != nil {
+		d.Set("location", azure.NormalizeLocation(*location))
+	}
+
+	if props := resp.CertificateProperties; props != nil {
+		d.Set("friendly_name", props.FriendlyName)
+		d.Set("subject_name", props.SubjectName)
+		d.Set("host_names", props.HostNames)
+		d.Set("issuer", props.Issuer)
+		d.Set("issue_date", props.IssueDate.Format(time.RFC3339))
+		d.Set("expiration_date", props.ExpirationDate.Format(time.RFC3339))
+		d.Set("thumbprint", props.Thumbprint)
+	}
+
+	return tags.FlattenAndSet(d, resp.Tags)
+}
diff --git a/azurerm/data_source_app_service_certificate_test.go b/azurerm/data_source_app_service_certificate_test.go
new file mode 100644
index 000000000000..aba76a1a44d7
--- /dev/null
+++ b/azurerm/data_source_app_service_certificate_test.go
@@ -0,0 +1,45 @@
+package azurerm
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
+)
+
+func TestAccDataSourceAzureRMAppServiceCertificate_basic(t *testing.T) {
+	dataSourceName := "data.azurerm_app_service_certificate.test"
+	rInt := tf.AccRandTimeInt()
+	location := testLocation()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMAppServiceCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAzureRMAppServiceCertificate_basic(rInt, location),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "subject_name"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "issue_date"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "expiration_date"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "thumbprint"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAzureRMAppServiceCertificate_basic(rInt int, location string) string {
+	template := testAccAzureRMAppServiceCertificatePfxNoPassword(rInt, location)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_app_service_certificate" "test" {
+  name                = "${azurerm_app_service_certificate.test.name}"
+  resource_group_name = "${azurerm_app_service_certificate.test.resource_group_name}"
+}
+`, template)
+}
diff --git a/azurerm/provider.go b/azurerm/provider.go
index 5aa8196c221f..0138b9fbc463 100644
--- a/azurerm/provider.go
+++ b/azurerm/provider.go
@@ -56,6 +56,7 @@ func Provider() terraform.ResourceProvider {
 		"azurerm_api_management_product":                  dataSourceApiManagementProduct(),
 		"azurerm_api_management_user":                     dataSourceArmApiManagementUser(),
 		"azurerm_app_service_plan":                        dataSourceAppServicePlan(),
+		"azurerm_app_service_certificate":                 dataSourceAppServiceCertificate(),
 		"azurerm_app_service":                             dataSourceArmAppService(),
 		"azurerm_application_insights":                    dataSourceArmApplicationInsights(),
 		"azurerm_application_security_group":              dataSourceArmApplicationSecurityGroup(),
diff --git a/website/azurerm.erb b/website/azurerm.erb
index 326977f7b08f..757d8f0097f0 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -82,6 +82,10 @@
                     <a href="/docs/providers/azurerm/d/app_service_plan.html">azurerm_app_service_plan</a>
                 </li>
 
+                <li>
+                    <a href="/docs/providers/azurerm/d/app_service_certificate.html">azurerm_app_service_certificate</a>
+                </li>
+
                 <li>
                     <a href="/docs/providers/azurerm/d/application_insights.html">azurerm_application_insights</a>
                 </li>
diff --git a/website/docs/d/app_service_certificate.html.markdown b/website/docs/d/app_service_certificate.html.markdown
new file mode 100644
index 000000000000..f197574c4c80
--- /dev/null
+++ b/website/docs/d/app_service_certificate.html.markdown
@@ -0,0 +1,53 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_app_service_certificate"
+sidebar_current: "docs-azurerm-datasource-app-service-certificate"
+description: |-
+  Gets information about an App Service certificate.
+
+---
+
+# Data Source: azurerm_app_service_certificate
+
+Use this data source to access information about an App Service certificate.
+
+## Example Usage
+
+```hcl
+data "azurerm_app_service_certificate" "example" {
+  name                = "example-app-service-certificate"
+  resource_group_name = "example-rg"
+}
+
+output "app_service_certificate_id" {
+  value = "${data.azurerm_app_service_certificate.example.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Specifies the name of the certificate.
+
+* `resource_group_name` - (Required) The name of the resource group in which to create the certificate.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The App Service certificate ID.
+
+* `friendly_name` - The friendly name of the certificate.
+
+* `subject_name` - The subject name of the certificate.
+
+* `host_names` - List of host names the certificate applies to.
+
+* `issuer` - The name of the certificate issuer.
+
+* `issue_date` - The issue date for the certificate.
+
+* `expiration_date` - The expiration date for the certificate.
+
+* `thumbprint` - The thumbprint for the certificate.