Certificates - Create Or Update

Service:

App Service

API Version:

2025-05-01

Description for Create or update a certificate.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/certificates/{name}?api-version=2025-05-01

URI Parameters

Name	In	Required	Type	Description
name	path	True	string	Name of the certificate.
resourceGroupName	path	True	string minLength: 1 maxLength: 90	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string (uuid)	The ID of the target subscription. The value must be an UUID.
api-version	query	True	string minLength: 1	The API version to use for this operation.

Request Body

Name	Required	Type	Description
location	True	string	The geo-location where the resource lives
kind		string	Kind of resource. If the resource is an app, you can refer to https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/kind_property.md#app-service-resource-kind-reference for details supported values for kind.
properties.canonicalName		string	CNAME of the certificate to be issued via free certificate
properties.domainValidationMethod		string	Method of domain validation for free cert
properties.hostNames		string[]	Host names the certificate applies to.
properties.keyVaultId		string (arm-id)	Azure Key Vault Csm resource Id.
properties.keyVaultSecretName		string	Azure Key Vault secret name.
properties.password		string	Certificate password.
properties.pfxBlob		string (byte)	Pfx blob.
properties.serverFarmId		string (arm-id)	Resource ID of the associated App Service plan.
tags		object	Resource tags.

Responses

Name	Type	Description
200 OK	Certificate	Resource 'Certificate' update operation succeeded
Other Status Codes	DefaultErrorResponse	An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create Or Update Certificate

Sample request

HTTP

PUT https://management.azure.com/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/testrg123/providers/Microsoft.Web/certificates/testc6282?api-version=2025-05-01

{
  "location": "East US",
  "properties": {
    "hostNames": [
      "ServerCert"
    ],
    "password": "<password>"
  }
}

Sample response

Status code:

200

{
  "name": "testc6282",
  "type": "Microsoft.Web/certificates",
  "id": "/subscriptions/34adfa4f-cedf-4dc0-ba29-b6d1a69ab345/resourceGroups/testrg123/providers/Microsoft.Web/certificates/testc6282",
  "location": "East US",
  "properties": {
    "expirationDate": "2039-12-31T23:59:59+00:00",
    "friendlyName": "",
    "hostNames": [
      "ServerCert"
    ],
    "issueDate": "2015-11-12T23:40:25+00:00",
    "issuer": "CACert",
    "subjectName": "ServerCert",
    "thumbprint": "FE703D7411A44163B6D32B3AD9B03E175886EBFE"
  }
}

Definitions

Name	Description
Certificate	SSL certificate for an app.
createdByType	The type of identity that created the resource.
DefaultErrorResponse	App Service error response.
DefaultErrorResponseError	Error model.
DefaultErrorResponseErrorDetailsItem	Detailed errors.
HostingEnvironmentProfile	Specification for an App Service Environment to use for this resource.
KeyVaultSecretStatus	Status of the Key Vault secret.
systemData	Metadata pertaining to creation and last modification of the resource.

Certificate

Object

SSL certificate for an app.

Name	Type	Description
id	string (arm-id)	Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind	string	Kind of resource. If the resource is an app, you can refer to https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/kind_property.md#app-service-resource-kind-reference for details supported values for kind.
location	string	The geo-location where the resource lives
name	string	The name of the resource
properties.canonicalName	string	CNAME of the certificate to be issued via free certificate
properties.cerBlob	string (byte)	Raw bytes of .cer file
properties.domainValidationMethod	string	Method of domain validation for free cert
properties.expirationDate	string (date-time)	Certificate expiration date.
properties.friendlyName	string	Friendly name of the certificate.
properties.hostNames	string[]	Host names the certificate applies to.
properties.hostingEnvironmentProfile	HostingEnvironmentProfile	Specification for the App Service Environment to use for the certificate.
properties.issueDate	string (date-time)	Certificate issue Date.
properties.issuer	string	Certificate issuer.
properties.keyVaultId	string (arm-id)	Azure Key Vault Csm resource Id.
properties.keyVaultSecretName	string	Azure Key Vault secret name.
properties.keyVaultSecretStatus	KeyVaultSecretStatus	Status of the Key Vault secret.
properties.password	string	Certificate password.
properties.pfxBlob	string (byte)	Pfx blob.
properties.publicKeyHash	string	Public key hash.
properties.selfLink	string	Self link.
properties.serverFarmId	string (arm-id)	Resource ID of the associated App Service plan.
properties.siteName	string	App name.
properties.subjectName	string	Subject name of the certificate.
properties.thumbprint	string	Certificate thumbprint.
properties.valid	boolean	Is the certificate valid?.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object	Resource tags.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

createdByType

Enumeration

The type of identity that created the resource.

Value	Description
User
Application
ManagedIdentity
Key

DefaultErrorResponse

Object

App Service error response.

Name	Type	Description
error	DefaultErrorResponseError	Error model.

DefaultErrorResponseError

Object

Error model.

Name	Type	Description
code	string	Standardized string to programmatically identify the error.
details	DefaultErrorResponseErrorDetailsItem[]	Detailed errors.
innererror	string	More information to debug error.
message	string	Detailed error description and debugging information.
target	string	Detailed error description and debugging information.

DefaultErrorResponseErrorDetailsItem

Object

Detailed errors.

Name	Type	Description
code	string	Standardized string to programmatically identify the error.
message	string	Detailed error description and debugging information.
target	string	Detailed error description and debugging information.

HostingEnvironmentProfile

Object

Specification for an App Service Environment to use for this resource.

Name	Type	Description
id	string	Resource ID of the App Service Environment.
name	string	Name of the App Service Environment.
type	string	Resource type of the App Service Environment.

KeyVaultSecretStatus

Enumeration

Status of the Key Vault secret.

Value	Description
Initialized
WaitingOnCertificateOrder
Succeeded
CertificateOrderFailed
OperationNotPermittedOnKeyVault
AzureServiceUnauthorizedToAccessKeyVault
KeyVaultDoesNotExist
KeyVaultSecretDoesNotExist
UnknownError
ExternalPrivateKey
Unknown

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.