APP Gateway V2 + KeyVault + SSL AutoRenew

Question

Bought SSL cert from App Service Certificates (ASC) which auto imported on KeyVault (KV) as Secret.

Now I need to add it to my App Gateway V2 and have it auto renew every time the SSL gets renewed in the KV.

I have created a managed identity, given it GET permissions on my KV Secrets and assigned the identity to my Gateway.

When I go to create a new HTTPS listener, I select "import from keyvault", then I select the managed identity, then select the keyvault BUT no SSL secret is shown in the SSL dropdown list afterwards. Why?

All I need is to connect my gateway to my KV and the SSL certificate AUTO RENEWED which is the advertised functionality on all documents.

Thanks

Answer 1

Hi George,

Apologies for the frustration on this issue. can you share with us what documentation you are following? Azure Application Gateway supports integration with Key Vault for server certificates that are attached to HTTPS-enabled listeners. Can you please try using this PowerShell script found in this documentation: Renew Application Gateway certificates

$appgw = Get-AzApplicationGateway `  
  -ResourceGroupName <ResourceGroup> `  
  -Name <AppGatewayName>  
  
$password = ConvertTo-SecureString `  
  -String "<password>" `  
  -Force `  
  -AsPlainText  
  
set-AzApplicationGatewaySSLCertificate -Name <oldcertname> `  
-ApplicationGateway $appgw -CertificateFile <newcertPath> -Password $password  
  
Set-AzApplicationGateway -ApplicationGateway $appgw  

Let me know if you have further questions or issues.

Thanks,

Grace