Failed to save application gateway changes

Nur Hafizah Binti Musa 26 Reputation points
2021-06-25T07:17:55.973+00:00

Hello,

I have deleted my old listener setup (which was using a self cert) and would like to replace it with an established cert from Key Vault.
Here is the error:

Failed to save configuration changes to application gateway 'qcAppGateway'. Error: Application Gateway qcAppGateway cannot have same certificate used across two Ssl Certificate elements. Certificate for /subscriptions/XXXXXXXXXXXXXXXXXXXXXXXXX/resourceGroups/QCard/providers/Microsoft.Network/applicationGateways/qcAppGateway/sslCertificates/qcListenerPublicvaultCert and /subscriptions/XXXXXXXXXXXXXXXXXXXXXXXXX/resourceGroups/QCard/providers/Microsoft.Network/applicationGateways/qcAppGateway/sslCertificates/publicQcardCertAG are same.

publicQcardCertAG is a self cert file and qcListenerPublicvaultCert is a cert name.

Kindly assist.

Cheers.

Azure Application Gateway

An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

2 answers

  1. GitaraniSharma-MSFT 50,197 Reputation points Microsoft Employee Moderator
    2021-06-28T04:09:22.02+00:00

    Hello @Nur Hafizah Binti Musa ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Even when the listener is deleted, the SSL certificate may still exist unassigned in the backend, so I would request you to run the Get-AzApplicationGatewaySslCertificate PowerShell command to get the list of all SSL certificates for your application gateway:
    https://learn.microsoft.com/en-us/powershell/module/az.network/get-azapplicationgatewaysslcertificate?view=azps-6.1.0#example-2--get-a-list-of-ssl-certificates

    If you find the old SSL certificate in the list, try to remove it using the Remove-AzApplicationGatewaySslCertificate PowerShell command:
    https://learn.microsoft.com/en-us/powershell/module/az.network/remove-azapplicationgatewaysslcertificate?view=azps-6.1.0

    After that, you should be able to update the new SSL certificate from Key Vault.

    Kindly let us know if the above helps or you need further assistance on this issue.

    1 person found this answer helpful.

  2. Manjunatha Munireddy 26 Reputation points
    2022-03-23T17:22:40.05+00:00

    Hi, thanks for trying to answer it, but it didn't work for me. I have followed the steps below to fix this issue. I'm able to fix it using az CLI commands.

    This issue occurs because the same root certificate already exists on the Application Gateway.

    1. Connect to your account using the CLI: "az login"
    2. List all the application gateways in your environment: "az network application-gateway list"
    3. To list the settings of a specific application gateway: "az network application-gateway show --name <application gateway name> -g <resource group name>"
    4. To list the root certificates assigned on the application gateway: "az network application-gateway root-cert list --gateway-name <application gateway name> -g <resource group name>"
    5. Delete the existing duplicate root certificate: "az network application-gateway root-cert delete --gateway-name <application gateway name> -g <resource group name> --name <root certificate name>"
    6. Then try to upload the new certificate on the Application Gateway HTTP Settings

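The list-then-remove sequence from the first answer, as an added PowerShell example that is not part of the original thread: it reports which SSL certificate elements are still bound to a listener and removes only the unreferenced ones you name. The gateway, resource group and certificate names come from the error message in the question; $RemoveNames is a hypothetical variable, and the script assumes the Az.Network module and a signed-in session (Connect-AzAccount).

```powershell
# Added example, not from the thread. Names below come from the question's error message.
$ResourceGroup = 'QCard'
$GatewayName   = 'qcAppGateway'
# Hypothetical variable: fill in after reviewing the table, e.g. @('publicQcardCertAG').
$RemoveNames   = @()

$gw = Get-AzApplicationGateway -ResourceGroupName $ResourceGroup -Name $GatewayName

# Resource IDs of SSL certificates that an HTTPS listener still points at.
$inUse = @($gw.HttpListeners |
    Where-Object { $_.SslCertificate } |
    ForEach-Object { $_.SslCertificate.Id })

# One row per sslCertificates element: where it comes from and whether it is bound.
$report = foreach ($cert in (Get-AzApplicationGatewaySslCertificate -ApplicationGateway $gw)) {
    [pscustomobject]@{
        Name       = $cert.Name
        Source     = if ($cert.KeyVaultSecretId) { 'KeyVault' } else { 'Uploaded' }
        Referenced = $inUse -contains $cert.Id   # -contains is case-insensitive
    }
}
$report | Format-Table -AutoSize

$changed = $false
foreach ($name in $RemoveNames) {
    $row = $report | Where-Object { $_.Name -eq $name }
    if (-not $row -or $row.Referenced) {
        # Never drop a certificate that a live listener depends on.
        Write-Warning "Skipping '$name': not found, or still bound to a listener."
        continue
    }
    # This only edits the in-memory $gw object.
    $gw = Remove-AzApplicationGatewaySslCertificate -ApplicationGateway $gw -Name $name
    $changed = $true
}

if ($changed) {
    # Nothing changes in Azure until the modified object is written back.
    Set-AzApplicationGateway -ApplicationGateway $gw | Out-Null
}
```

With $RemoveNames left empty the script is read-only and just prints the table.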
