Create API Management with custom proxy SSL using Key Vault.
This template shows how to deploy an Azure API Management service with an SSL certificate taken from Key Vault as a Resource Manager reference.
In order to deploy this template, you need to have the following resources:
- A Key Vault
- An SSL certificate issued for the domain that you want to configure the proxy for. This can be a self-signed certificate.
- Azure Resource Manager must be allowed access to the Key Vault
PowerShell script to upload certificate into a Key Vault Secret:
```powershell
$pfxFilePath = "PFX_CERTIFICATE_FILE_PATH" # Change this path
# $pwd is PowerShell's automatic working-directory variable, so the password gets its own name
$pfxPassword = "PFX_CERTIFICATE_PASSWORD" # Change this password
# Load the PFX with an exportable private key so it can be re-exported below
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$collection.Import($pfxFilePath, $pfxPassword, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
# Export() without a password: the PKCS#12 bytes are unprotected, so read access to the secret is access to the private key
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText -Force
$secretContentType = 'application/x-pkcs12'
# Change Key Vault name and Secret name (the Az module equivalent of this cmdlet is Set-AzKeyVaultSecret)
Set-AzureKeyVaultSecret -VaultName KEY_VAULT_NAME -Name KEY_VAULT_SECRET_NAME -SecretValue $secret -ContentType $secretContentType
```
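
A pre-flight check for the value the script above stores, added here as an example and not part of the template: it confirms the base64 string decodes to a passwordless PKCS#12 that holds a private key, is inside its validity window, and names the proxy hostname. `Test-PfxSecretValue`, `api.contoso.example` and the 14-day threshold are assumptions for illustration, and the sample input is generated in memory, which assumes PowerShell 7 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: returns one string per problem found, nothing when the value looks deployable.
function Test-PfxSecretValue {
    param(
        [Parameter(Mandatory)] [string] $Base64Value,  # secret value, as built by the upload script
        [Parameter(Mandatory)] [string] $HostName,     # custom proxy hostname the certificate must cover
        [int] $MinDaysValid = 14                       # assumed renewal margin
    )
    try {
        $bytes = [Convert]::FromBase64String($Base64Value)
        $certs = [X509Certificate2Collection]::new()
        # Empty password, matching the passwordless export; EphemeralKeySet keeps the key in memory
        # (not supported on macOS, use DefaultKeySet there).
        $certs.Import($bytes, '', [X509KeyStorageFlags]::EphemeralKeySet)
    } catch {
        "Value is not a passwordless base64 PKCS#12 blob: $($_.Exception.Message)"
        return
    }
    $leaf = $certs | Where-Object HasPrivateKey | Select-Object -First 1
    if (-not $leaf) { 'PFX contains no certificate with a private key'; return }
    if ($leaf.NotBefore -gt (Get-Date)) { "Certificate is not valid until $($leaf.NotBefore.ToString('u'))" }
    if ($leaf.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
        "Certificate expires within $MinDaysValid days ($($leaf.NotAfter.ToString('u')))"
    }
    # GetNameInfo(DnsName) yields a SAN DNS name when present, otherwise the subject CN.
    $dnsName  = $leaf.GetNameInfo([X509NameType]::DnsName, $false)
    $wildcard = $HostName -replace '^[^.]+', '*'       # api.contoso.example -> *.contoso.example
    if ($dnsName -notin @($HostName, $wildcard)) {
        "Certificate name '$dnsName' does not cover '$HostName'"
    }
}

# Constructed sample: a self-signed certificate created in memory and encoded like the upload script does.
$rsa    = [RSA]::Create(2048)
$req    = [CertificateRequest]::new('CN=api.contoso.example', $rsa,
              [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert   = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(90))
$sample = [Convert]::ToBase64String($cert.Export([X509ContentType]::Pkcs12))

$issues = Test-PfxSecretValue -Base64Value $sample -HostName 'api.contoso.example'
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { 'PFX secret value looks deployable' }
```

To check a real upload, pass `$fileContentEncoded` from the script above instead of `$sample`.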
Tags: Microsoft.ApiManagement/service, Proxy