Could not update the SSL certificate in Azure Application Gateway

I Nino 20 Reputation points
2024-03-20T16:01:37.05+00:00

I have replaced the values and executed the command, and I am getting the error.
https://learn.microsoft.com/en-us/azure/application-gateway/renew-certificates

az cli command could be
az network application-gateway ssl-cert update \
  -n "<CertName>" \
  --gateway-name "<AppGatewayName>" \
  -g "<ResourceGroupName>" \
  --cert-file <PathToCerFile> \
  --cert-password "<password>"

Please find the error details

(ApplicationGatewayCertificateOnlyOneOfDataAndKeyVaultSecretIdMustBeSpecified) Only one of Data and KeyVaultSecretId must be specified for Certificate '/subscriptions/1a6072ad-5b67-4f24-b4bc-5b4d90bddb0d/resourceGroups/TCW-Stage/providers/Microsoft.Network/applicationGateways/Stage-AGW/sslCertificates/connectbase-new' in Application Gateway.
Code: ApplicationGatewayCertificateOnlyOneOfDataAndKeyVaultSecretIdMustBeSpecified
Message: Only one of Data and KeyVaultSecretId must be specified for Certificate '/subscriptions/1a6072ad-5b67-4f24-b4bc-5b4d90bddb0d/resourceGroups/TCW-Stage/providers/Microsoft.Network/applicationGateways/Stage-AGW/sslCertificates/connectbase-new' in Application Gateway.
Azure Application Gateway

1 answer

  1. GitaraniSharma-MSFT 48,011 Reputation points Microsoft Employee
    2024-03-21T06:36:07.2833333+00:00

    Hello @I Nino ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are unable to update the SSL certificate in Azure Application Gateway and are getting the following error: "(ApplicationGatewayCertificateOnlyOneOfDataAndKeyVaultSecretIdMustBeSpecified) Only one of Data and KeyVaultSecretId must be specified for Certificate '/subscriptions/xxxx/connectbase-new' in Application Gateway".

    You can find the troubleshooting doc below with this error and suggested resolution:

    https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-key-vault-common-errors#error-code-applicationgatewaycertificatedataorkeyvaultsecretidmustbespecified--applicationgatewaysslcertificatedatamustbespecified

    Description: You may encounter this error when trying to update a listener certificate. When this error occurs, the change to update the certificate will be discarded, and the listener will continue to handle traffic with the previously defined configuration.

    Resolution: To resolve this issue, please try uploading the certificate again. PowerShell commands may be used to update certificates uploaded to Application Gateway or referenced via Azure Key Vault.

    From your CLI command above, it looks like you are uploading the certificate directly to Application Gateway and not from Azure Key Vault. Please confirm this.

    If yes, then please run the below PowerShell commands:

    $appgw = Get-AzApplicationGateway -ResourceGroupName "<ResourceGroup>" -Name "<AppGatewayName>"
    
    $password = ConvertTo-SecureString -String "<password>" -Force -AsPlainText
    
    Set-AzApplicationGatewaySSLCertificate -Name "<oldcertname>" -ApplicationGateway $appgw -CertificateFile "<newcertPath>" -Password $password
    
    Set-AzApplicationGateway -ApplicationGateway $appgw
    

    If you encounter any issues, please share the error message for further troubleshooting.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
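
The error text says a certificate entry may carry uploaded data or a Key Vault secret ID, not both, so it helps to check how the existing entry is stored before choosing the update path. The PowerShell below is an added example, not code from the answer or from Microsoft's documentation; the angle-bracket values, including `<KeyVaultSecretId>`, are placeholders, and the branch logic assumes the error is raised when a file is uploaded onto an entry that references Key Vault.

```powershell
# Added example. Angle-bracket values are placeholders to fill in.
$rg       = "<ResourceGroup>"
$gwName   = "<AppGatewayName>"
$certName = "<oldcertname>"        # existing certificate entry on the gateway
$pfxPath  = "<newcertPath>"        # used only when the entry holds uploaded data
$secretId = "<KeyVaultSecretId>"   # used only when the entry references Key Vault

$appgw    = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName
$existing = Get-AzApplicationGatewaySslCertificate -Name $certName -ApplicationGateway $appgw
if (-not $existing) { throw "No SSL certificate named '$certName' on gateway '$gwName'." }

if ($existing.KeyVaultSecretId) {
    # Assumption from the error text: an entry may carry Data or KeyVaultSecretId,
    # not both, so a Key Vault entry is updated by reference, not by file upload.
    Write-Host "'$certName' references Key Vault secret $($existing.KeyVaultSecretId)"
    $null = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
        -Name $certName -KeyVaultSecretId $secretId
}
else {
    # Uploaded data: prompt for the password so it never sits in the script or history.
    $password = Read-Host -Prompt "PFX password" -AsSecureString
    $fullPath = (Resolve-Path -Path $pfxPath).Path

    # Local sanity check before touching the gateway: the file must open with this
    # password, contain a private key, and not already be expired.
    $pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath, $password)
    if (-not $pfx.HasPrivateKey)      { throw "'$fullPath' has no private key; a PFX is required." }
    if ($pfx.NotAfter -le (Get-Date)) { throw "Certificate expired on $($pfx.NotAfter)." }
    Write-Host "Uploading $($pfx.Subject), valid until $($pfx.NotAfter)"

    $null = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
        -Name $certName -CertificateFile $fullPath -Password $password
}

# Nothing changes on the gateway until the modified object is written back.
$updated = Set-AzApplicationGateway -ApplicationGateway $appgw
$updated.SslCertificates | Where-Object { $_.Name -eq $certName } |
    Select-Object Name, KeyVaultSecretId, ProvisioningState
```

The final `Select-Object` output shows which storage mode the entry ended up in and whether provisioning succeeded.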
