You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/application-gateway/ssl-certificate-management.md
+11-1Lines changed: 11 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -66,6 +66,14 @@ There are two primary scenarios when deleting a certificate from portal:
66
66
| Port | The port associated with the listener gets updated to reflect the new state. |
67
67
| Frontend IP | The frontend IP of the gateway gets updated to reflect the new state. |
68
68
69
+
### Deletion of a listener with an SSL certificate
70
+
71
+
When a listener with an associated SSL certificate is deleted, the SSL certificate itself is not deleted. The certificate will remain in the application gateway configuration and can be assigned to another listener.
72
+
73
+
### Deletion of a key vault certificate
74
+
75
+
When deleting a certificate from key vault that is associated to an application gateway, the certificate must be deleted first on application gateway, then on key vault.
76
+
69
77
### Bulk update
70
78
The bulk operation feature is helpful for large gateways having multiple SSL certificates for separate listeners. Similar to individual certificate management, this option also allows you to change the type from "Uploaded" to "Key Vault" or vice-versa (if required). This utility is also helpful in recovering a gateway when facing misconfigurations for multiple certificate objects simultaneously.
71
79
@@ -84,7 +92,9 @@ To use the Bulk update option,
84
92
1. You can't delete a certificate object if its associated listener is a redirection target for another listener. Any attempt to do so will return the following error. You can either remove the redirection or delete the dependent listener first to resolve this problem.
85
93
`The listener associated with this certificate is configured as the redirection target for another listener. You will need to either remove this redirection or delete the redirected listener first to allow deletion of this certificate.`
86
94
87
-
1. The Application Gateway requires at least one active Listener and Rule combination. You thus cannot delete the certificate of a HTTPS listener, if no other active listener exists. This is also true if there are only HTTPS listeners on your gateway, and all of them are referencing the same certificate. Such operations are prevented because deletion of a certificate leads to deletion of all dependent sub resources.
95
+
1. The Application Gateway requires at least one active Listener and Rule combination. You thus cannot delete the certificate of an HTTPS listener, if no other active listener exists. This is also true if there are only HTTPS listeners on your gateway, and all of them are referencing the same certificate. Such operations are prevented because deletion of a certificate leads to deletion of all dependent sub resources.
96
+
97
+
1. If a certificate is deleted in key vault but the reference to the certificate in Application Gateway is not deleted, any update to the Application Gateway will cause it to appear in a failed state. To fix this, you must delete all the certificates without an associated listener one by one.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments