App Service certificate - multiple subscriptions

Ellrick 26 Reputation points
2021-09-06T12:10:45.83+00:00

Hello,

I would like to take advantage of the SSL auto-renewal in the App Service Certificates and purchase the wildcard SSL.

When it comes to creating a certificate, it asks me in which Subscription I want to create my certificate. There is also a notification saying: "Once created, App Service Certificates can only be used by other App Services within the same subscription."

We have a few subscriptions, and I would like to use the same, single wildcard SSL certificate across all of them for different web apps.
All subscriptions belong to the same Azure tenant.

Does it mean I have to purchase a wildcard SSL for each subscription? Can I export the SSL and import it to multiple subscriptions? Will it still auto-renew across all of them?

Thanks

Azure App Service

4 answers

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-09-07T23:01:52.75+00:00

    That information appears to be out of date. You can now export the Azure SSL certificate as a PFX file. https://stackoverflow.com/questions/38836724/export-azure-ssl-certificate-as-pfx-file

    The FAQ was later updated to say:

    "We’ve gotten a lot of feedback from customers asking for this ability, so we now allow you to export your certificate as a PFX file so that you can use it across multiple subscriptions and Azure services."

    See also:

    Wild Card SSL for Multiple Client Cloud Service
    Configure SSL Certificate
    Add a TLS/SSL certificate in Azure App Service


  2. Ellrick 26 Reputation points
    2021-09-08T13:17:08.683+00:00

  3. Ellrick 26 Reputation points
    2021-09-09T10:57:53.18+00:00

    So, I followed the guide and purchased the wildcard SSL certificate. I also configured the Key Vault. All of this has been done in, let's call it, "Subscription 1".

    Now I want to use my wildcard SSL in "Subscription 2".

    I created a Key Vault in Subscription 2 and imported a PFX from Subscription 1.

    Does the SSL auto-renewal now also apply to "Subscription 2", or do I have to export and import the SSL again next year?

    Thanks


  4. Ellrick 26 Reputation points
    2021-09-10T12:06:42.033+00:00

    Hi @Marilee Turscak-MSFT

    Can my web app in "Subscription 2" access the purchased wildcard SSL in Key Vault in "Subscription 1"?

    I enabled the system identity for my app, and I configured Access Policies for Key Vault, but I still can't import the Key Vault certificate.
    I assume this is because the actual certificate is not stored in Key Vault, only the secret for the certificate.

    Thanks!

