Hello @Marco,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know if you can use the App Service's managed certificates and link the same certificates to the Application Gateway configuration so that the Application Gateway can accept HTTPS connections.
No, it is not possible to link the free App Service managed certificate to your Application Gateway configuration for HTTPS connections, because the free App Service managed certificate is not exportable and Azure fully manages the certificate on your behalf.
You can see the table below, which lists the options for adding certificates in App Service:
You can create a free App Service managed certificate if you just need to secure your custom domain in App Service.
Refer: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex
Please note that there are two product offerings: App Service Managed Certificates and App Service Certificates.
- The free App Service managed certificate is a turn-key solution for securing your custom DNS name in App Service.
- App Service certificates are purchased from Azure, issued by GoDaddy, and maintained in Azure Key Vault.
Application Gateway offers two models for TLS termination:
- Provide TLS/SSL certificates attached to the listener. This model is the traditional way to pass TLS/SSL certificates to Application Gateway for TLS termination.
- Provide a reference to an existing Key Vault certificate or secret when you create an HTTPS-enabled listener.
The first option requires you to export a copy of the certificate. And, like I mentioned above, the free App Service managed certificate is not exportable.
So, you need an App Service certificate, which is purchased from Azure. This certificate can be exported.
The second option requires you to configure your Application Gateway to use Key Vault certificates and to maintain the certificate in Azure Key Vault. You will need to purchase an App Service certificate from Azure.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.