Hello @Lee Reams,
Thank you for posting your query on Microsoft Q&A.
Looks like you've taken the correct steps to set up your Azure Application Gateway and Azure Key Vault with a user-assigned managed identity and RBAC, but you're still encountering issues when trying to load certificates from the Key Vault.
Typically, the mentioned error occurs when the Application Gateway's managed identity has not been granted sufficient or correct permissions to access the Key Vault.
To provide a better solution for this issue, could you please double-check and confirm the following points:
- To access Key Vault, you need to enable managed identity on your Application Gateway. This means using a user-assigned identity, as it does not support a system-assigned one.
- Once created and assigned to the Application Gateway, you need to grant the identity rights on the Key Vault to read secrets (yes, secrets, not certificates). This permission can be set either with Key Vault access policies or Azure RBAC, depending on how you have Key Vault set up.
In your case, since you're using RBAC, assign the appropriate permissions through RBAC.
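An Azure CLI walk-through of the steps in the answer above, added here as an example rather than taken from the original post: it attaches a user-assigned identity to the gateway, grants it the built-in Key Vault Secrets User role scoped to the vault, and verifies the assignment. The resource names (my-rg, appgw-kv-identity, my-appgw, my-keyvault) are placeholders.

```shell
#!/usr/bin/env bash
# Added example (placeholder names, not from the original answer).
set -euo pipefail

RG="${RG:-my-rg}"                          # placeholder resource group
IDENTITY="${IDENTITY:-appgw-kv-identity}"  # placeholder user-assigned identity
APPGW="${APPGW:-my-appgw}"                 # placeholder Application Gateway
VAULT="${VAULT:-my-keyvault}"              # placeholder Key Vault

# App Gateway fetches certificates through the secrets API, so the RBAC role
# it needs is the secrets reader, not a certificate role.
KV_SECRETS_ROLE="Key Vault Secrets User"

identity_principal_id() {
  az identity show -g "$RG" -n "$IDENTITY" --query principalId -o tsv
}
vault_resource_id() {
  az keyvault show -g "$RG" -n "$VAULT" --query id -o tsv
}

# Step 1: create the user-assigned identity and attach it to the gateway.
attach_identity() {
  az identity create -g "$RG" -n "$IDENTITY" -o none
  local identity_id
  identity_id=$(az identity show -g "$RG" -n "$IDENTITY" --query id -o tsv)
  az network application-gateway identity assign -g "$RG" \
    --gateway-name "$APPGW" --identity "$identity_id" -o none
}

# Step 2: grant the role scoped to this vault only (least privilege).
grant_vault_access() {
  az role assignment create \
    --assignee-object-id "$(identity_principal_id)" \
    --assignee-principal-type ServicePrincipal \
    --role "$KV_SECRETS_ROLE" --scope "$(vault_resource_id)" -o none
}

# Step 3: verify. Returns 0 if the identity holds the role on the vault.
verify_vault_access() {
  az role assignment list --assignee "$(identity_principal_id)" \
    --scope "$(vault_resource_id)" --query "[].roleDefinitionName" -o tsv \
    | grep -Fxq "$KV_SECRETS_ROLE"
}

# Only run against Azure when invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then
  attach_identity && grant_vault_access && verify_vault_access
fi
```

If `verify_vault_access` fails right after the grant, the role assignment may simply not have propagated yet; re-run the check after a short wait before changing anything else.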