This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 73%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
I have a client who has a web application, an API, and a database in their Azure account. I have successfully updated the web application to use an SSL certificate...a certificate that is stored in the Key Vault. However, when users go to the website, and attempt certain actions, an error is raised because the certificate, associated with the API/virtual machine is expired.
How do I go about making changes so that the virtual machine/API will use the certificate in the Key Vault?
NOTE: I have never worked with virtual machines, in Azure, before.
Hello Bobby Roy
Just checking in to see if you got a chance to see previous response.
If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.999999999999996%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Follow the steps in this article to secure a web server on a Windows virtual machine in Azure with TLS/SSL certificates stored in Key Vault.
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-secure-web-server
Follow the steps in the below article to secure a web server on a Windows virtual machine in Azure with TLS/SSL certificates stored in Key Vault:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-secure-web-server
Hello Bobby Roy
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
Based on the details shared, you already have an SSL cert created and stored in Key Vault.
-To make the necessary changes so that the virtual machine/API will use the certificate in the Key Vault, follow the below steps and see if these help:
-In Azure portal locate the Key Vault containing the SSL certificate, Click on Access Policies and add a new policy that grants access to the virtual machine's identity.
-Use PowerShell cmdlets to retrieve the SSL certificate from the Key Vault. Save the certificate in a location on the virtual machine that your API can access.
Retrieve the certificate from the Key Vault:
Get-AzKeyVaultSecret -VaultName "your-key-vault-name" -Name "your-certificate-name" | Select-Object -ExpandProperty SecretValueText | Out-File -Encoding ASCII -FilePath "C:\path\to\your\certificate.cer"
In the above command, replace "your-key-vault-name" with the name of your Key Vault, "your-certificate-name" with the name of your SSL certificate, and "C:\path\to\your\certificate.cer" with the path where you want to save the certificate on the virtual machine.
-Open your API configuration file (e.g., web.config for ASP.NET applications) and locate the section that configures HTTPS settings. Update the certificate configuration to reference the certificate you just retrieved from the Key Vault. Save the configuration file.
-Restart your API to ensure that the new certificate is being used. Test your API to ensure that it is functioning correctly.
Hope this helps.