For anyone else stumbling into this, I found this blog post a LOT more helpful than the official docs which I found rather esoteric on specifics:
How do I create the TLS Certificate for the Azure Premium firewall with the "CA" flag true? This is needed for the TLS inspection.
Steven Davis
Hello all.
I have been suffering for weeks now. In Azure Premium firewall, I want to enable TLS inspection. That requires a Certificate in the key vault. That certificate has special requirements with the most complicated being "CA" = true. This value would indicate I am a certificate authority and no vendor will do this. I have talked with DigiCert and GoDaddy, along with four others.
So how do I enable TLS inspection and have an internal certificate that can be installed on all the VMs?
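
A certificate with "CA" = true can be issued from a private CA you run yourself rather than bought from a public vendor. The script below is an added example, not part of the original post and not Microsoft's own script: it builds a self-signed root and an intermediate CA certificate with OpenSSL, then checks the CA flag and the chain. The file names, subject names, lifetimes, 4096-bit key size, `pathlen:1` and the password-less PFX are assumptions to check against the firewall's documented certificate requirements.

```shell
#!/usr/bin/env bash
# Added example: private root CA + intermediate CA (CA:TRUE) for TLS inspection.
# Subject names, file names, lifetimes and key size are placeholders/assumptions.
set -e

make_inspection_ca() {
  out=$1; bits=${2:-4096}
  mkdir -p "$out"
  cat > "$out/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[root_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[inter_ext]
basicConstraints = critical, CA:TRUE, pathlen:1
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
  # Self-signed root: its key stays offline; only rootCA.crt goes to the VMs' trust stores.
  openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 3650 \
    -subj "/CN=Example Root CA" -config "$out/ca.cnf" -extensions root_ext \
    -keyout "$out/rootCA.key" -out "$out/rootCA.crt"
  # Intermediate CA: key + CSR, then signed by the root with the CA extensions.
  openssl req -new -newkey "rsa:$bits" -nodes -subj "/CN=Example TLS Inspection CA" \
    -config "$out/ca.cnf" -keyout "$out/interCA.key" -out "$out/interCA.csr"
  openssl x509 -req -in "$out/interCA.csr" -sha256 -days 365 \
    -CA "$out/rootCA.crt" -CAkey "$out/rootCA.key" -CAcreateserial \
    -extfile "$out/ca.cnf" -extensions inter_ext -out "$out/interCA.crt"
  # Bundle intermediate cert + key + root for import (empty password is an assumption).
  openssl pkcs12 -export -inkey "$out/interCA.key" -in "$out/interCA.crt" \
    -certfile "$out/rootCA.crt" -passout pass: -out "$out/interCA.pfx"
}

# True when the certificate's basicConstraints carries CA:TRUE.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }
# True when the intermediate chains to the generated root.
chain_ok() { openssl verify -CAfile "$1/rootCA.crt" "$1/interCA.crt" >/dev/null 2>&1; }

# Usage: bash make-ca.sh ./out
if [ "$#" -gt 0 ]; then
  make_inspection_ca "$1" && is_ca "$1/interCA.crt" && chain_ok "$1" && echo "chain OK"
fi
```

The intermediate's private key can sign certificates for any hostname that clients trusting the root will accept, so restrict access to the PFX and keep `rootCA.key` off networked systems.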