Newly generated certificate is using the wrong provider

avadaniisergiu 0 Reputation points
2026-02-23T15:02:17.4166667+00:00

We had an expiring certificate for our domain. It expired on the 22nd of February at midnight and it was issued by "GeoTrust TLS RSA CA G1". We did not trigger the re-issuing so Azure has automatically done that.

Unfortunately, said Issuer is different from the former one, called "GeoTrust Global TLS RSA4096 SHA256 2022 CA1" and as such, our product's firmware is refusing the connection. We cannot roll a Firmware update to our products since they refuse to connect to our back-end.

Is there a possibility to reissue the certificate using Issuer: "GeoTrust Global TLS RSA4096 SHA256 2022 CA1" instead of the current one? Since the certificate was not re-issued by us, our hands are tied and all our products are currently Offline.

Much obliged.

Azure Application Gateway

An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

1 answer

  1. Vallepu Venkateswarlu 6,045 Reputation points Microsoft External Staff Moderator
    2026-02-23T17:36:17.02+00:00

    Hi @Astreea,

    Welcome to Microsoft Q&A Platform

    I totally understand the frustration you're facing with the automatically reissued certificate for your domain using the wrong issuer. The Azure Application Gateway doesn't natively allow you to directly specify a different issuer for a reissued certificate.

    However, there are a few things you can consider trying:

    Reissue Certificates Manually: Since the automatic renewal picked a different issuer, you might want to manually obtain a new certificate from the specific issuer you want, which is "GeoTrust Global TLS RSA4096 SHA256 2022 CA1". You can get this certificate from your SSL provider or through services like Azure Key Vault if you're managing your certificates that way.

    Upload the Certificate to Key Vault: If you haven't already, you can manage certificates through Azure Key Vault. You'd need to ensure that the private key of the certificate is exportable if you're using Key Vault, as this is essential for Azure Application Gateway to use the private key properly.

    Verify Configuration: Once you have the new certificate in the required format, you can upload it to your Application Gateway configuration. The Application Gateway requires that the SSL settings be configured to use the certificate associated with the correct issuer.

    Update Your Application Gateway Settings: After uploading the certificate, ensure that your Application Gateway's HTTPS settings are pointed to the correct certificate. Follow the instructions to reconfigure your SSL settings to point to the updated certificate.

    Check Connectivity: Make sure that your Application Gateway has the necessary permissions to access the Key Vault, if used, and that any firewall rules allow for connectivity.

    Ref: TLS certificates management for listeners

    Renew Application Gateway certificates

    Please “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
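
An issuer gate for the Key Vault upload and listener update steps in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: it refuses to touch the gateway unless the PFX's leaf certificate names the issuer quoted in the question. The vault, certificate, resource group, gateway and listener-certificate names are caller-supplied placeholders, `PFX_PASS` is an assumed environment variable, and matching on the issuer CN is an assumption about what the firmware checks.

```sh
#!/bin/sh
# Added example: gate an Application Gateway certificate swap on the issuer CN.
set -eu

# Issuer name quoted in the question; every other name is a caller-supplied placeholder.
EXPECTED_ISSUER_CN="GeoTrust Global TLS RSA4096 SHA256 2022 CA1"

# Extract the CN from an `openssl x509 -noout -issuer -nameopt RFC2253` line.
# RFC 2253 escapes a literal comma as "\,", so split only on unescaped commas.
issuer_cn() {
  printf '%s\n' "${1#issuer=}" | awk '{
    mark = "\001"
    gsub(/\\,/, mark)                 # protect escaped commas before splitting
    n = split($0, rdn, ",")
    for (i = 1; i <= n; i++) {
      sub(/^ +/, "", rdn[i])
      if (rdn[i] ~ /^CN=/) {
        sub(/^CN=/, "", rdn[i]); gsub(mark, ",", rdn[i])
        print rdn[i]; exit
      }
    }
  }'
}

# Issuer line of the leaf certificate in a PFX; the password is read from $PFX_PASS,
# which must be exported (assumed variable name).
pfx_issuer_line() {
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS \
    | openssl x509 -noout -issuer -nameopt RFC2253
}

# Usage: rotate_if_issuer_matches PFX VAULT CERT_NAME RESOURCE_GROUP GATEWAY SSL_CERT_NAME
rotate_if_issuer_matches() {
  cn=$(issuer_cn "$(pfx_issuer_line "$1")")
  # An unreadable PFX yields an empty CN, which also fails this comparison.
  if [ "$cn" != "$EXPECTED_ISSUER_CN" ]; then
    echo "refusing to deploy: issuer CN is '$cn', expected '$EXPECTED_ISSUER_CN'" >&2
    return 1
  fi
  az keyvault certificate import --vault-name "$2" --name "$3" \
    --file "$1" --password "$PFX_PASS" >/dev/null
  # sid is the Key Vault secret identifier of the imported certificate.
  sid=$(az keyvault certificate show --vault-name "$2" --name "$3" \
    --query sid --output tsv)
  az network application-gateway ssl-cert update --resource-group "$4" \
    --gateway-name "$5" --name "$6" --key-vault-secret-id "$sid"
}
```
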