Azure – Front Door, Custom Domain - BYOC Secret is not listing certificates from Azure Keyvault

Question

Azure – Front Door, Custom Domain - BYOC Secret is not listing certificates from Azure Keyvault

Chittybabu V 21

I'm trying to setup a custom domain in Azure frontDoor using "GoDaddy" issued certificate. I did followed the steps given in the below Microsoft links.

https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain
https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal

Note that there is no firewall enabled on Keyvault , Service Prinicple added, Access policy is set ( Get & List set for Secrets & Certificates ) and also my account has full access to Keyvault.

After successfully adding the certificate in the Keyvault , I'm not getting the keyvault list in "Secret" under BYOC.

Any one experienced the similar issue? Pls advise. Thanks.

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-05-03T05:17:58.32+00:00
@Chittybabu V
Thank you for your post!

After adding your certificate to your Key Vault, can you expand on what you mean by you aren't getting the Key Vault List in "Secret" under BYOC?

Are you receiving any error messages that you can share? If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Chittybabu V 21 Reputation points

2022-05-03T06:34:11.41+00:00

Thanks James for the response.

There message says "no available items".

To add further with the post, I could successfully add the the certificate from Keyvault to FrontDoor profile and the "secrets" has a value of keyvault certificate.

But , when you go to custom domain of the FrontDoor, the secret value is not getting listed in BYOC "secret" list. I expect to see the value from FrontDoor profile "secret" in BYOC to add, but it's not.

Pls refer the screenshots.

198405-frontdoor-profile-imported-certificate.pdf
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-05-03T23:26:22.76+00:00

@Chittybabu V
Thank you for the quick follow up and for sharing the screenshots!

Since you were able to successfully import your certificate into the Azure Key Vault, and it looks like the term "Secret" with AFD, is referring to the actual Secrets Tab within Azure Front Door, I've reached out to our Azure Front Door team to take a look into this issue.

Please allow some time for their community and team to take a closer look into your issue.
Thank you for your time and patience throughout this issue!

2 answers

Your answer

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-05-03T05:17:58.32+00:00

@Chittybabu V
Thank you for your post!

After adding your certificate to your Key Vault, can you expand on what you mean by you aren't getting the Key Vault List in "Secret" under BYOC?

Are you receiving any error messages that you can share? If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Chittybabu V 21 Reputation points

2022-05-03T06:34:11.41+00:00

Thanks James for the response.

There message says "no available items".

To add further with the post, I could successfully add the the certificate from Keyvault to FrontDoor profile and the "secrets" has a value of keyvault certificate.

But , when you go to custom domain of the FrontDoor, the secret value is not getting listed in BYOC "secret" list. I expect to see the value from FrontDoor profile "secret" in BYOC to add, but it's not.

Pls refer the screenshots.

198405-frontdoor-profile-imported-certificate.pdf
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2022-05-03T23:26:22.76+00:00

@Chittybabu V
Thank you for the quick follow up and for sharing the screenshots!

Since you were able to successfully import your certificate into the Azure Key Vault, and it looks like the term "Secret" with AFD, is referring to the actual Secrets Tab within Azure Front Door, I've reached out to our Azure Front Door team to take a look into this issue.

Please allow some time for their community and team to take a closer look into your issue.
Thank you for your time and patience throughout this issue!

Answer 1

Luis Rodriguez 6,226 Microsoft Employee

Hello @Chittybabu V

I've seen cases where the certificate was not being applied properly on the Front Door after being updated on the Key Vault side.
The workaround would be to "trick" the Front Door by running a PUT operation to deploy again the latest certificate.

For that you have to go to the Front Door custom domain configuration page and make any change on any of the settings.
Once done you can revert your change back to the original settings.

NOTE: to deploy the certificate again globally can take some hours.

I hope this helps

----------

Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Anonymous

2022-05-03T12:46:26.523+00:00

Thanks Luis for the workaround.

I've tried to make some changes in custom domain settings by reconfiguring but it didn't help.
I also tried to cleanup everything and then added Keyvault certificate in FD profile secret followed by new custom domain creation. but no luck.

Any other suggestions please.
Luis Rodriguez 6,226 Reputation points Microsoft Employee

2022-05-03T13:47:03.16+00:00

Hello @Chittybabu V

If the plan proposed didn't work and the documentation has been followed without hitting issues i would recommend to raise a support ticket so the experts can check if there is a sync issue between Front Door and Key Vault.

----------

Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Answer 2

Anonymous

The issue has been sorted out ! The issue was with the certificate. I got the wrong wildcard certificate for the custom domain. After attaching the correct wildcard certificate, FD is able to show the list under BYOC.

@Luis Rodriguez @JamesTran-MSFT - Thank you so much for the support.

Share via

Azure – Front Door, Custom Domain - BYOC Secret is not listing certificates from Azure Keyvault

2 answers

Your answer