Is it possible to use a customer-supplied SSL certificate for encrypting communication with an Azure Service Bus Queue?

James Comstock 20 Reputation points
2023-09-07T19:32:37.3333333+00:00

Hello, everyone!

I am working with a client that requires all communication within their business to be encrypted with customer managed SSL certificates, with the additional requirement that all communication SSL certificates used within Azure need to be customer manageable in Azure Key Vault. We are currently considering using Azure Service Bus queues for some of our work with them, but I have been unable to find a way to support customer provided SSL certificates for communications with the service. Is this something that can be done with any tier?

Thanks!

James

Azure Service Bus
An Azure service that provides cloud messaging as a service and hybrid integration.
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.

Accepted answer
  1. JananiRamesh-MSFT 29,276 Reputation points
    2023-09-08T10:35:54.5733333+00:00

    Hi @James Comstock, thanks for reaching out. Azure Service Bus supports customer-managed keys for encrypting data at rest in the Premium tier. This feature allows you to use your own key from Azure Key Vault to encrypt the Microsoft-managed key that is used to encrypt the data stored in Azure Storage. You can also audit and revoke access to your key in the key vault.

    Reference: https://learn.microsoft.com/en-us/azure/service-bus-messaging/configure-customer-managed-key

    However, Azure Service Bus does not support customer-managed SSL certificates for securing data in transit. The service uses its own SSL certificate (CN=servicebus.windows.net) to secure the communication between clients and endpoints. You cannot replace or customize this certificate with your own, as it is managed by Azure.

    Therefore, if your client requires all communication within their business to be encrypted with customer-managed SSL certificates, Azure Service Bus might not be a suitable option for you.

    I hope this answer helps. Please feel free to reach out in case of further questions.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.
