This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 93%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
Hello,
We have an App Service running containing a Wordpress instance.
I need to update the wildcard SSL certificate as it is about to run out.
From my Cert authority I have received pfx files, both with and without intermediate ca inside.
When trying to import it as a Private certificate I receive the following error:
I cannot find any additional information.
Have tried to change the pfx password to a more simple password but to no avail.
What can be the cause of this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Update: The issue here was due to Insufficient rights which caused the useless error message. After granting the correct rights the problem was resolved.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 24%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
I'm currently experiencing the same issue, which rights were needed to give a solution to this?
Thanks this means you should be having admin rights on subscription to to upload pfx cert.
You may refer to below link might be helpful:
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 74%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Voited up for the "Useless error message" comment. It's 2021. If something's gone wrong, TELL US the cause. Microsoft should be better than this, by now... Otherwise, let's go back to the 1990s and start reporting cryptic hexadecimal error codes instead.
App Service Plan is B1, which should allow for SSL Certificates. Also, the old currently installed certificates are properly binded and working.
Thanks for asking question! You may want to know that if you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements:
• Exported as a password-protected PFX file
• Contains private key at least 2048 bits long
• Contains all intermediate certificates in the certificate chain
Also, suggest you to access App Service diagnostics ; App Service diagnostics is an intelligent and interactive experience to help you troubleshoot your app with no configuration required.
Navigate to your App Service web app in the Azure portal. In the left navigation, click on Diagnose and solve problems > click on SSL and Domains > select certificate upload operation
You may also refer to this blog on Common errors when uploading certificates to Azure App Service might be helpful.
Let us know if you have further question on this.
Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you
"You may also refer to this blog on Common errors when uploading certificates to Azure App Service might be helpful."
Or, perhaps, just perhaps, Microsoft should be telling us the cause of the error, rather than giving us a pointless "Upload for private certificate failed. Check the notification error for more details." error message.
I don't want to go and read about Common Errors, I want to know why my certificate didn't upload.
Microsoft should be better than this, by now.
Btw, your "App Service diagnostics" hyperlink has a + at the end of it, so takes you to a "Page not found" screen.
Hello,
The certificate meets the requirements. This was checked with the Cert. Authority.
Also tried to upload an older certificate which is in use at other App Services, fails with the same error: Upload for private certificate failed. Check the notification error for more details which leads me to believe the issue is on the Azure side.
The password for the pfx must be correct. When changing the password the error changes telling me the password is incorrect.
App Service Diagnostics shows no errors (No uploads either for that matter, which seems strange to me as I have tried it 4 times also with different certificates):
After checking in the Resource Explorer there is no conflicting information which could keep this certificate from importing. All information in there is from current / older certificates.
What I do find strange is that an installed certificate (Old certificate) shows a different Certification path:
than on my computer while having the same Thumbprint:
Thanks for the clarification. Could you please send an email to AzCommunity[at]Microsoft[dot]com referencing this issue, we would like to work closer with you on this matter.
Sent the requested E-mail, will update this post when we have the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 48%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGJ%3C/text%3E%3C/svg%3E)
We are experiencing the same problem. Did you have this issue solved?
This issue was due to Insufficient rights which caused the useless error message. After granting the correct rights the problem was resolved.
Thanks for your reply, but I am an administrator already. I have all rights needed. Is another reason possible for my problem?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 13%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
"contributor" role at the subscription scope is needed.
As a contributor, I can BUY an app service certificate and charge it to the subscriptions bill, I can add it to the key vault, I can assign a public domain name to the app service, but I cannot associate the created app service certificate with the app service...
The error message reads :
Your user account does not have authorization to perform action 'Microsoft.Web/certificates/write' on this site /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Web/sites/<appservicename>/slots/<slotname>. If access was recently granted please refresh your credentials.
"Contributor" of the App service or slot does not have "microsoft.web/certificates/write" action permitted.
The "microsoft.web/certificates/write" permission is granted only at the subscription level.
This is not documented. But this is how it works. Azure or App Service support cannot explain this either.
Hope this helps.