Issue with application gateway listener certificate

Mahadev, Rakesh [HAEA] 140 Reputation points
2024-08-22T16:10:58.7666667+00:00

Hello Team,

I've renewed the certificate and it didn't sync with the app service, but after manually clicking the sync operation in app service it took the new version of the certificate. Now the same is not synced in application gateway. It's been more than 48 hours and it is still showing the old version of the certificate. Is there a way to sync the new version of the certificate in application the same as I did in app service?

Azure Key Vault

3 answers

  1. Deepanshukatara-6769 9,195 Reputation points
    2024-08-23T07:17:43.7033333+00:00

    Hello, welcome to MS Q&A

    To sync the new version of a certificate in Azure Application Gateway after renewing it, you can follow these steps:

    Using Key Vault Certificates:

    • Application Gateway instances poll Key Vault at four-hour intervals to retrieve a renewed version of the certificate if it exists. If an updated certificate is found, the TLS/SSL certificate associated with the HTTPS listener is automatically rotated.
    • Any change to Application Gateway (e.g., changes to Frontend IP Configurations, Listeners, Rules, Backend Pools, Resource Tags) will force a check against Key Vault to see if any new versions of certificates are available. If an updated certificate is found, the new certificate will immediately be presented.

    Uploaded Certificates:

    • If you uploaded the certificate to Application Gateway, you can renew the uploaded certificates by following these steps:
      1. Navigate to your application gateway listeners in the Azure portal.
      2. Select the listener that has a certificate that needs to be renewed, and then select "Renew or edit selected certificate."
      3. Upload your new PFX certificate, give it a name, type the password, and then select "Save."

    For more detailed information, you can refer to the Renew Application Gateway certificates article.

    Kindly accept answer if it helps

    Please let us know if any questions

    Thanks

    Deepanshu
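
An added example (not from this thread or from Microsoft's documentation) that sorts each HTTPS listener into the two renewal paths the answer above describes: Key Vault references that the gateway polls, and uploaded PFX files that are renewed on the listener. It assumes the JSON field names printed by `az network application-gateway show` (`sslCertificates[].keyVaultSecretId`, `httpListeners[].sslCertificate.id`); the gateway data, vault name and IDs are constructed placeholders, and the "pinned-version" label rests on the fact that a secret ID ending in a version segment names that one version.

```python
from urllib.parse import urlparse

# Constructed gateway data; field names assume the JSON printed by
# `az network application-gateway show`. IDs and vault name are placeholders.
PREFIX = "/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.Network/applicationGateways/GW"
VAULT = "https://example-kv.vault.azure.net/secrets/site-cert"
SAMPLE_GATEWAY = {
    "sslCertificates": [
        {"name": "kv-latest", "keyVaultSecretId": VAULT},
        {"name": "kv-pinned", "keyVaultSecretId": VAULT + "/0123456789abcdef0123456789abcdef"},
        {"name": "uploaded-pfx", "keyVaultSecretId": None},
    ],
    "httpListeners": [
        {"name": "https-a", "sslCertificate": {"id": PREFIX + "/sslCertificates/kv-latest"}},
        {"name": "https-b", "sslCertificate": {"id": PREFIX + "/sslCertificates/kv-pinned"}},
        {"name": "https-c", "sslCertificate": {"id": PREFIX + "/sslCertificates/uploaded-pfx"}},
        {"name": "http-d", "sslCertificate": None},
    ],
}

def classify_secret_id(secret_id):
    """Say which renewal path applies to a certificate, judged by its source."""
    if not secret_id:
        return "uploaded"  # PFX stored on the gateway: renew it on the listener
    parts = [p for p in urlparse(secret_id).path.split("/") if p]
    if len(parts) < 2 or parts[0] != "secrets":
        return "unrecognized"
    # /secrets/<name>/<version> names one fixed version; /secrets/<name> does not.
    return "pinned-version" if len(parts) >= 3 else "versionless"

def audit_listeners(gateway):
    """Map each HTTPS listener name to (certificate name, renewal path)."""
    certs = {c["name"]: c.get("keyVaultSecretId") for c in gateway.get("sslCertificates") or []}
    report = {}
    for listener in gateway.get("httpListeners") or []:
        ref = (listener.get("sslCertificate") or {}).get("id")
        if not ref:
            continue  # plain HTTP listener, no certificate attached
        name = ref.rsplit("/", 1)[-1]
        path = classify_secret_id(certs[name]) if name in certs else "missing"
        report[listener["name"]] = (name, path)
    return report

if __name__ == "__main__":
    for listener, (cert, path) in audit_listeners(SAMPLE_GATEWAY).items():
        print(f"{listener}: certificate {cert!r} -> {path}")
```

To audit a real gateway, load the JSON from `az network application-gateway show` in place of `SAMPLE_GATEWAY`.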


  2. Kris 26 Reputation points
    2024-08-23T09:06:45.8+00:00

    If you make some change to the App Gateway as suggested by @Deepanshukatara-6769 (for instance, adding a tag as a test), does it pick up the new certificate then?

    "Any change to Application Gateway (e.g., changes to Frontend IP Configurations, Listeners, Rules, Backend Pools, Resource Tags) will force a check against Key Vault to see if any new versions of certificates are available. If an updated certificate is found, the new certificate will immediately be presented."


  3. Kris 26 Reputation points
    2024-08-23T09:09:46.11+00:00

    Have you tried making some change to the Application Gateway as suggested?

    For instance just adding a test tag and save to see if the new version of the certificate has been picked up.

    "Any change to Application Gateway (e.g., changes to Frontend IP Configurations, Listeners, Rules, Backend Pools, Resource Tags) will force a check against Key Vault to see if any new versions of certificates are available. If an updated certificate is found, the new certificate will immediately be presented."

