Azure – Front Door, Custom Domain - BYOC Secret is not listing certificates from Azure Keyvault

Chittybabu V 21 Reputation points
2022-05-02T07:11:49.547+00:00

I'm trying to set up a custom domain in Azure Front Door using a "GoDaddy" issued certificate. I followed the steps given in the Microsoft links below.

https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain
https://learn.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal

Note that there is no firewall enabled on Key Vault, the service principal is added, the access policy is set (Get & List set for Secrets & Certificates), and my account also has full access to Key Vault.

After successfully adding the certificate to the Key Vault, I'm not getting the Key Vault list in "Secret" under BYOC.

Has anyone experienced a similar issue? Please advise. Thanks.

[Image: keyvault-accesspolicy.png, screenshot of the Key Vault access policy]

Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.

2 answers

  1. Luis Rodriguez 6,201 Reputation points Microsoft Employee
    2022-05-03T08:26:08.683+00:00

    Hello @Chittybabu V

    I've seen cases where the certificate was not being applied properly on the Front Door after being updated on the Key Vault side.
    The workaround would be to "trick" the Front Door by running a PUT operation to redeploy the latest certificate.

    For that you have to go to the Front Door custom domain configuration page and make any change on any of the settings.
    Once done you can revert your change back to the original settings.

    NOTE: redeploying the certificate globally can take some hours.

    I hope this helps.

    ----------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.

  2. Anonymous
    2022-05-04T02:20:14.813+00:00

    The issue has been sorted out! The issue was with the certificate. I got the wrong wildcard certificate for the custom domain. After attaching the correct wildcard certificate, FD is able to show the list under BYOC.

    @Luis Rodriguez @JamesTran-MSFT - Thank you so much for the support.

    1 person found this answer helpful.
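As an added example (not part of the thread above), a small pre-flight check for the two things the thread turns on: whether the certificate's names actually cover the custom domain (the accepted root cause was a wildcard for the wrong zone) and whether the access policy grants Get and List on secrets and certificates. The domain, SAN list and policy below are constructed sample data; the wildcard rule implemented is the usual one-label rule, so `*.contoso.example` covers `www.contoso.example` but not `contoso.example` or `a.b.contoso.example`.

```python
"""Pre-flight check for Front Door BYOC: does the Key Vault certificate cover
the custom domain, and does the access policy grant Get/List on secrets and
certificates? All input values below are constructed for illustration."""
from typing import Iterable

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """One-label wildcard match: '*' may only be the entire left-most label
    and stands for exactly one label, so '*.contoso.example' matches
    'www.contoso.example' but not 'contoso.example' or 'a.b.contoso.example'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Reject '*' in any non-leading label, bare '*.tld', and label-count mismatch.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def cert_covers_domain(sans: Iterable[str], custom_domain: str) -> bool:
    """True if any subject alternative name on the certificate covers the domain."""
    return any(wildcard_matches(name, custom_domain) for name in sans)

# Permissions the thread lists as required on the Key Vault access policy.
REQUIRED_PERMISSIONS = {"secrets": {"get", "list"}, "certificates": {"get", "list"}}

def missing_permissions(policy: dict) -> dict:
    """Return Get/List permissions missing from an access-policy entry, keyed by
    object type; an empty dict means nothing is missing. Case-insensitive."""
    missing = {}
    for obj_type, needed in REQUIRED_PERMISSIONS.items():
        granted = {p.lower() for p in policy.get(obj_type, [])}
        if needed - granted:
            missing[obj_type] = sorted(needed - granted)
    return missing

def byoc_findings(custom_domain: str, sans: Iterable[str], policy: dict) -> list:
    """Collect human-readable findings; an empty list means both checks passed."""
    findings = []
    sans = list(sans)
    if not cert_covers_domain(sans, custom_domain):
        findings.append(f"certificate names {sorted(sans)} do not cover {custom_domain}")
    for obj_type, perms in missing_permissions(policy).items():
        findings.append(f"access policy lacks {perms} on {obj_type}")
    return findings

if __name__ == "__main__":
    # Constructed case mirroring the thread: a wildcard issued for the wrong zone.
    sample_sans = ["*.shop.contoso.example"]
    sample_policy = {"secrets": ["Get", "List"], "certificates": ["Get"]}
    for finding in byoc_findings("www.contoso.example", sample_sans, sample_policy):
        print("FINDING:", finding)
```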