PowerShell script to change certificate in WAF

GIRISH PAI 0 Reputation points
2025-06-16T05:26:05.38+00:00

I have renewed my SSL certificate. Is there any PowerShell script to change the certificate in WAF?

Azure Web Application Firewall

2 answers

  1. G Sree Vidya 2,270 Reputation points Microsoft External Staff Moderator
    2025-06-18T05:23:33.2733333+00:00

    Hi GIRISH PAI,

    Apologies for the delay.

    To add multiple listeners, you can loop through your listeners and backend settings using a script like this. Please try this script and do let me know if it works:

    # Load the Application Gateway
    $appgw = Get-AzApplicationGateway -ResourceGroupName "<ResourceGroup>" -Name "<AppGatewayName>"
    
    # Secure password for the new certificate
    $password = ConvertTo-SecureString -String "<password>" -Force -AsPlainText
    
    # Define the new certificate path
    $certPath = "<PathToNewPfx>"
    
    # List of SSL certificate names to update
    $sslCertNames = @("cert1", "cert2", "cert3", "cert4", "cert5", "cert6", "cert7", "cert8", "cert9", "cert10")
    
    foreach ($certName in $sslCertNames) {
        Set-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
            -Name $certName `
            -CertificateFile $certPath `
            -Password $password
    }
    
    # Commit the changes
    Set-AzApplicationGateway -ApplicationGateway $appgw
    
    

    You have 10 SSL certificates named consistently (e.g., cert1 to cert10).

    All certificates are being replaced with the same .pfx file and password. If each has a different file, you can use a hashtable instead.


  2. Alex Burlachenko 9,780 Reputation points
    2025-06-18T07:57:27.1733333+00:00

    Hi GIRISH PAI, great question ))

    For Microsoft's Azure Application Gateway, u can use this script. It grabs ur current gateway config, swaps the old cert with the new one, and updates everything in one go. https://learn.microsoft.com/en-us/azure/application-gateway/renew-certificates

    # Load the current gateway configuration (placeholders must be quoted, otherwise PowerShell will not parse "<...>")
    $appgw = Get-AzApplicationGateway -ResourceGroupName "<ResourceGroup>" -Name "<AppGatewayName>"
    $password = ConvertTo-SecureString -String "<password>" -Force -AsPlainText
    # -Name is the name of the certificate already on the gateway that is being replaced with the new .pfx
    $appgw = Set-AzApplicationGatewaySslCertificate -Name "<oldcertname>" -ApplicationGateway $appgw -CertificateFile "<newcertPath>" -Password $password
    # Commit the change to Azure
    Set-AzApplicationGateway -ApplicationGateway $appgw
    

    Make sure ur new cert is in .pfx format and u got the password handy. Azure loves .pfx files for some reason ))

    If ur WAF isn't from Microsoft, the process is similar but the commands differ. Most platforms need the cert file (usually .pem or .pfx), the private key password, and the exact name of the old cert ur replacing.

    So... before swapping certs in production, test the new one in staging. Saved my butt multiple times :)) Also check if ur WAF has auto-renewal options. Some cloud providers offer this now. Worth looking into cert rotation policies too. They can automate this whole process so u don't have to manually script it next time. Microsoft's got some cool features for this in Azure Key Vault. BTW, nice job staying on top of cert renewals! So many breaches happen just because of expired certs. u're doing it right ))

    Let me know if the script works for u.

    Rgds,

    Alex

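Both answers replace the certificate data by name and then commit the gateway. As an added example (not code from either answer, nor from Microsoft), here is a fuller rotation script that checks the renewed PFX before uploading anything, replaces only the certificates an HTTPS listener actually references, and afterwards confirms over TLS that the gateway is serving the new thumbprint. The resource group, gateway name and PFX path are placeholder assumptions; the script relies on Az.Network cmdlets and .NET classes available in PowerShell 5.1 and 7.

```powershell
# Added example, not from the original answers. Assumed placeholders: resource group, gateway
# name, path to the renewed PFX. The password is prompted for rather than embedded in the script.
$rg = "<ResourceGroup>"; $gwName = "<AppGatewayName>"; $pfxPath = "<PathToNewPfx>"
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString

# 1. Inspect the renewed PFX locally before touching the gateway (private key present, not expiring soon).
$newCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    $pfxPath, $pfxPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet)
if (-not $newCert.HasPrivateKey)                  { throw "PFX contains no private key" }
if ($newCert.NotAfter -lt (Get-Date).AddDays(30)) { throw "Renewed certificate already expires $($newCert.NotAfter)" }

# 2. Only replace certificates that an HTTPS listener actually references; warn on SAN mismatches.
$appgw     = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName
$listeners = Get-AzApplicationGatewayHttpListener -ApplicationGateway $appgw | Where-Object { $_.SslCertificate }
$hosts     = $listeners | ForEach-Object { @($_.HostName) + @($_.HostNames) } | Where-Object { $_ } | Sort-Object -Unique
$inUse     = $listeners | ForEach-Object { ($_.SslCertificate.Id -split '/')[-1] } | Sort-Object -Unique
foreach ($h in $hosts) {
    $wildcard = '*.' + ($h -replace '^[^.]+\.', '')          # www.example.com -> *.example.com
    if ($newCert.DnsNameList.Unicode -notcontains $h -and $newCert.DnsNameList.Unicode -notcontains $wildcard) {
        Write-Warning "Listener host '$h' is not covered by the renewed certificate's SANs"
    }
}

# 3. Swap the certificate data for every in-use name, then commit all changes in a single update.
foreach ($name in $inUse) {
    $appgw = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw -Name $name `
                 -CertificateFile $pfxPath -Password $pfxPassword
}
$appgw = Set-AzApplicationGateway -ApplicationGateway $appgw
Write-Host "Provisioning state: $($appgw.ProvisioningState)"

# 4. Verify what the gateway really serves: open a TLS connection and compare thumbprints.
#    The validation callback accepts any chain because we only read the certificate, we do not trust it.
function Get-ServedThumbprint([string]$HostName) {
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, 443)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate).Thumbprint
    } finally { $tcp.Close() }
}
foreach ($h in $hosts) {
    $served = Get-ServedThumbprint $h
    if ($served -eq $newCert.Thumbprint) { Write-Host "OK: $h serves the renewed certificate" }
    else { Write-Warning "$h still serves thumbprint $served, expected $($newCert.Thumbprint)" }
}
```

If the final check still reports the old thumbprint right after the commit, wait for the gateway's provisioning to finish and rerun step 4 before concluding the rotation failed.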
