APP Gateway V2 + KeyVault + SSL AutoRenew

George Gergianakis 1 Reputation point

Bought SSL cert from App Service Certificates (ASC) which auto imported on KeyVault (KV) as Secret.

Now I need to add it to my App Gateway V2 and have it auto renew every time the SSL gets renewed in the KV.

I have created a managed identity, given it GET permissions on my KV Secrets and assigned the identity to my Gateway.

When I go to create a new HTTPS listener, I select "import from keyvault", then I select the managed identity, then select the keyvault BUT no SSL secret is shown in the SSL dropdown list afterwards. Why?

All I need is to connect my gateway to my KV and the SSL certificate AUTO RENEWED which is the advertised functionality on all documents.



1 answer

  1. Grmacjon-MSFT 17,371 Reputation points

    Hi George,

    Apologies for the frustration on this issue. Can you share with us what documentation you are following? Azure Application Gateway supports integration with Key Vault for server certificates that are attached to HTTPS-enabled listeners. Can you please try using this PowerShell script found in this documentation: Renew Application Gateway certificates

    # Load the gateway object that the following cmdlets modify locally
    $appgw = Get-AzApplicationGateway `
      -ResourceGroupName "<ResourceGroup>" `
      -Name "<AppGatewayName>"
    # PFX password as a SecureString (-AsPlainText is required together with -String)
    $password = ConvertTo-SecureString `
      -String "<password>" `
      -AsPlainText `
      -Force
    # Replace the PFX data of the existing certificate entry in the local object
    Set-AzApplicationGatewaySSLCertificate -Name "<oldcertname>" `
      -ApplicationGateway $appgw -CertificateFile "<newcertPath>" -Password $password
    # Push the updated configuration to Azure
    Set-AzApplicationGateway -ApplicationGateway $appgw

    Let me know if you have further questions or issues.



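The script in the answer re-uploads a PFX by hand, which is the manual renewal path. The Key Vault reference path the question is after (gateway reads the secret through a managed identity and picks up new versions on its own) looks like the following. This is an added example, not code from the answer or from Microsoft's documentation; the resource group, gateway, identity, vault, secret and listener names are assumed, and the vault DNS suffix assumes the public Azure cloud.

```powershell
# Attach an ASC-imported Key Vault secret to an Application Gateway v2 listener
# by reference, so the gateway re-reads the secret when ASC renews it.
# Assumed names (replace with your own): rg-web, agw-prod, id-agw-kv, kv-web,
# asc-wildcard-cert, listener-https.
$rgName       = "rg-web"
$agwName      = "agw-prod"
$identityName = "id-agw-kv"
$vaultName    = "kv-web"
$secretName   = "asc-wildcard-cert"   # secret created by App Service Certificates
$listenerName = "listener-https"

$appgw = Get-AzApplicationGateway -ResourceGroupName $rgName -Name $agwName

# 1. Attach the user-assigned identity the gateway uses to read the secret.
$identity = Get-AzUserAssignedIdentity -ResourceGroupName $rgName -Name $identityName
$appgw = Set-AzApplicationGatewayIdentity -ApplicationGateway $appgw `
    -UserAssignedIdentityId $identity.Id

# 2. Least privilege: the identity only needs "get" on secrets (access-policy
#    vaults). For RBAC vaults assign "Key Vault Secrets User" on the vault instead.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName -ObjectId $identity.PrincipalId `
    -PermissionsToSecrets get

# 3. Build the VERSIONLESS secret URL. A versioned URL pins the gateway to one
#    certificate; without the version suffix every renewed version is picked up.
$secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName
$versionlessId = "https://$($secret.VaultName).vault.azure.net/secrets/$($secret.Name)"

# 4. Register the certificate by reference and bind it to the HTTPS listener.
$certName = "kv-$secretName"
$appgw = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
    -Name $certName -KeyVaultSecretId $versionlessId
$cert     = Get-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw -Name $certName
$listener = Get-AzApplicationGatewayHttpListener -ApplicationGateway $appgw -Name $listenerName
$appgw = Set-AzApplicationGatewayHttpListener -ApplicationGateway $appgw -Name $listenerName `
    -Protocol Https `
    -FrontendIPConfigurationId $listener.FrontendIpConfiguration.Id `
    -FrontendPortId $listener.FrontendPort.Id `
    -SslCertificateId $cert.Id
Set-AzApplicationGateway -ApplicationGateway $appgw

# Check: the stored reference must be the versionless URL, otherwise renewals
# will not be picked up and the listener keeps serving the old certificate.
(Get-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw -Name $certName).KeyVaultSecretId
```

If the portal dropdown stays empty after this, the same three things are worth checking: the identity actually has secret read permission, the vault allows the gateway's access (firewall settings), and the object in the vault is a secret rather than only a certificate object.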