Add certificate to Azure App Service with backend in VM

Gustavo Adolfo Hernández Cabrera 25 Reputation points
2023-09-22T15:17:35.9733333+00:00

Hi community.

I have a React app deployed in Azure App Service (*.azurewebsites.net). I also have the domain (GoDaddy). How do I generate the certificate with DigiCert in the Azure portal using the Key Vault?

Also, I have a backend (API) deployed in a VM that is consumed by the React app, but when I open the API URL I got

User's image

Do I need another domain and certificate for the backend, or must I install the same certificate as the frontend in the VM?

I am really confused. I appreciate any help.

Regards

Azure Virtual Machines
Azure App Service

Accepted answer
  1. brtrach-MSFT 17,731 Reputation points Microsoft Employee Moderator
    2023-09-26T01:20:48.02+00:00

    @Gustavo Adolfo Hernández Cabrera To generate a certificate with DigiCert in the Azure portal using the Key Vault, you need to follow these steps:

    1. Make sure you have an activated DigiCert CertCentral account. If you don't have one, you can sign up for a CertCentral account on the DigiCert website.
    2. Create a key vault in Azure. You can use an existing key vault or create one by completing the steps in one of these quickstarts:
    3. Add DigiCert to the certificate authority list in the key vault. To do this, go to the key vault you want to add it to, select Certificates on the Key Vault property page, select the Certificate Authorities tab, and then select Add. Under Create a certificate authority, enter the following values:
      • Name: An identifiable issuer name. For example, DigiCertCA.
      • Provider: DigiCert.
      • Account ID: Your DigiCert CertCentral account ID.
      • Account Password: The API key you generated in your DigiCert CertCentral account.
    4. Set the issuer. Doing so will add DigiCert as a certificate authority in the key vault. You can use the following PowerShell command to set the issuer:
    Set-AzKeyVaultCertificateIssuer -VaultName "YourVaultName" -Name "TestIssuer01" -IssuerProvider DigiCert -AccountId "YourDigiCertCertCentralAccountID" -ApiKey (ConvertTo-SecureString "YourDigiCertCertCentralAPIKey" -AsPlainText -Force) -OrganizationDetails (New-AzKeyVaultCertificateOrganizationDetail -Id "YourOrganizationIDfromDigiCertAccount") -PassThru

    5. Set the policy for the certificate and issuing certificate from DigiCert directly in Key Vault:
    $Policy = New-AzKeyVaultCertificatePolicy -SecretContentType
    
    
    

    Regarding the backend API, you can use the same certificate for both frontend and backend if they are hosted on the same domain. If you have a different domain for the backend, you will need to obtain a separate certificate for it.

    The error message you are seeing (NET::ERR_CERT_AUTHORITY_INVALID) indicates that the certificate authority is not trusted by the client. You can try installing the certificate on the VM to resolve this issue. Alternatively, you can use a publicly trusted certificate authority like DigiCert to issue the certificate for your backend API.

    I hope this helps! Let me know if you have any further questions.
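
A way to see which condition is behind the backend's NET::ERR_CERT_AUTHORITY_INVALID before deciding on certificates (an added example, not part of the original answer or Microsoft's code): it validates the API endpoint against the system trust store and reports the OpenSSL verification result. The function names and the idea of passing the API host on the command line are assumptions made for this sketch.

```python
import socket
import ssl

# OpenSSL X.509 verify codes mapped to what they mean for the backend endpoint.
CAUSES = {
    9: "not yet valid: the certificate's validity period has not started",
    10: "expired: the certificate's validity period has ended",
    18: "untrusted: self-signed certificate",
    19: "untrusted: chain ends in a root that is not in the trust store",
    20: "untrusted: issuer unknown (private CA, or intermediate not sent)",
    21: "untrusted: issuer unknown (private CA, or intermediate not sent)",
    62: "name mismatch: certificate does not cover this hostname",
    64: "name mismatch: certificate does not cover this IP address",
}


def explain(verify_code):
    """Translate an OpenSSL verify code into a cause a site owner can act on."""
    return CAUSES.get(
        verify_code, f"other verification failure (OpenSSL code {verify_code})"
    )


def check_backend(host, port=443, timeout=5.0):
    """Return (status, detail) for a TLS handshake checked against the system trust store."""
    ctx = ssl.create_default_context()  # trusted roots + hostname checking enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                names = [value for _kind, value in cert.get("subjectAltName", ())]
                detail = f"valid until {cert['notAfter']}; names: {', '.join(names)}"
                return "trusted", detail
    except ssl.SSLCertVerificationError as exc:
        # The handshake reached the server but the certificate was rejected.
        return "rejected", explain(exc.verify_code)
    except ssl.SSLError as exc:
        # TLS failed for a reason other than certificate validation.
        return "tls-error", str(exc)
    except OSError as exc:
        # DNS failure, refused connection, timeout.
        return "unreachable", str(exc)


if __name__ == "__main__":
    import sys

    # Usage: python check_backend.py <api-host> [<api-host> ...]
    for target in sys.argv[1:]:
        print(target, *check_backend(target))
```

An "untrusted" result points at the issuer of the backend's certificate, while a "name mismatch" result means the certificate is for a different host name than the one the React app calls.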

