APP Gateway V2 + KeyVault + SSL AutoRenew

George Gergianakis 1 Reputation point
2020-05-01T09:50:00.57+00:00

Bought SSL cert from App Service Certificates (ASC) which auto imported on KeyVault (KV) as Secret.

Now I need to add it to my App Gateway V2 and have it auto renew every time the SSL gets renewed in the KV.

I have created a managed identity, given it GET permissions on my KV Secrets and assigned the identity to my Gateway.

When I go to create a new HTTPS listener, I select "import from keyvault", then I select the managed identity, then select the keyvault BUT no SSL secret is shown in the SSL dropdown list afterwards. Why?

All I need is to connect my gateway to my KV and have the SSL certificate AUTO RENEWED, which is the advertised functionality in all the documentation.

Thanks


1 answer

  1. Grmacjon-MSFT 16,191 Reputation points
    2020-06-15T23:37:09.583+00:00

    Hi George,

    Apologies for the frustration on this issue. Can you share with us what documentation you are following? Azure Application Gateway supports integration with Key Vault for server certificates that are attached to HTTPS-enabled listeners. Can you please try using this PowerShell script found in this documentation: Renew Application Gateway certificates

    # Load the gateway whose certificate is being replaced
    $appgw = Get-AzApplicationGateway `
      -ResourceGroupName <ResourceGroup> `
      -Name <AppGatewayName>

    # The PFX password must be passed as a SecureString
    $password = ConvertTo-SecureString `
      -String "<password>" `
      -Force `
      -AsPlainText

    # Replace the PFX behind the existing certificate name, so listeners bound to that name keep working
    Set-AzApplicationGatewaySslCertificate -Name <oldcertname> `
      -ApplicationGateway $appgw -CertificateFile <newcertPath> -Password $password

    # Commit the change to Azure; nothing is applied until this runs
    Set-AzApplicationGateway -ApplicationGateway $appgw

    Let me know if you have further questions or issues.

    Thanks,

    Grace

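The script in the answer uploads a new PFX each time, which is a manual renewal. As an added example (not part of the answer or of Microsoft's documentation), the following Az PowerShell script instead binds the listener certificate to the Key Vault secret by reference, using the managed identity the asker already created, so the gateway follows renewals on its own; the angle-bracket names and the assumption that the identity is user-assigned are placeholders.

```powershell
# Added example: attach the Key Vault certificate to an Application Gateway v2
# by *reference* (versionless secret ID) instead of uploading a PFX, so the
# gateway picks up new versions when the certificate is renewed in Key Vault.
# Placeholder values in angle brackets are assumptions; replace them with your own.
$rg        = "<ResourceGroup>"
$gwName    = "<AppGatewayName>"
$vaultName = "<KeyVaultName>"
$certName  = "<KeyVaultCertificateName>"   # name used when the cert was imported
$identity  = "<UserAssignedIdentityName>"

# 1. The user-assigned managed identity the gateway will use to read the secret.
$mi = Get-AzUserAssignedIdentity -ResourceGroupName $rg -Name $identity

# 2. Least-privilege access policy: 'get' on secrets only (no list/set/delete).
#    Skip this step if the vault uses Azure RBAC and the identity already holds
#    the "Key Vault Secrets User" role.
Set-AzKeyVaultAccessPolicy -VaultName $vaultName `
  -ObjectId $mi.PrincipalId `
  -PermissionsToSecrets get

# 3. Build the *versionless* secret identifier. Get-AzKeyVaultCertificate returns
#    a versioned SecretId; dropping the trailing version segment is what lets the
#    gateway follow renewals instead of pinning one version forever.
$kvCert = Get-AzKeyVaultCertificate -VaultName $vaultName -Name $certName
$versionlessSecretId = ($kvCert.SecretId -split '/')[0..4] -join '/'
# -> https://<KeyVaultName>.vault.azure.net/secrets/<KeyVaultCertificateName>

# 4. Bind the identity and the certificate reference to the gateway object.
$appgw = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName
$appgw = Set-AzApplicationGatewayIdentity -ApplicationGateway $appgw `
  -UserAssignedIdentityId $mi.Id

$existing = $appgw.SslCertificates | Where-Object { $_.Name -eq $certName }
if ($existing) {
  $appgw = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
    -Name $certName -KeyVaultSecretId $versionlessSecretId
} else {
  $appgw = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
    -Name $certName -KeyVaultSecretId $versionlessSecretId
}

# 5. Commit, then confirm the gateway holds a Key Vault reference, not a PFX.
$appgw = Set-AzApplicationGateway -ApplicationGateway $appgw
$appgw.SslCertificates |
  Where-Object { $_.Name -eq $certName } |
  Select-Object Name, KeyVaultSecretId
```

After this, new HTTPS listeners can select the certificate by name; if KeyVaultSecretId in the final output still ends in a version segment, the gateway will not pick up renewals.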