Commit 05fd9ae

Note that BYOC requires PFX file
1 parent c2101ed commit 05fd9ae

1 file changed

+6
-5
lines changed

articles/frontdoor/domain.md

@@ -6,7 +6,7 @@ author: johndowns
66
ms.service: frontdoor
77
ms.topic: conceptual
88
ms.workload: infrastructure-services
9-
ms.date: 02/07/2023
9+
ms.date: 03/06/2023
1010
ms.author: jodowns
1111
---
1212

@@ -120,11 +120,12 @@ Sometimes, you might need to provide your own TLS certificates. Common scenarios
120120

121121
#### Certificate requirements
122122

123-
When you create your TLS/SSL certificate, you must create a complete certificate chain with an allowed certificate authority (CA) that is part of the [Microsoft Trusted CA List](https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT). If you use a non-allowed CA, your request will be rejected. The root CA must be part of the [Microsoft Trusted CA List](https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT). If a certificate without complete chain is presented, the requests that involve that certificate aren't guaranteed to work as expected.
123+
To use your certificate with Azure Front Door, it must meet the following requirements:
124124

125-
The common name (CN) of the certificate must match the domain configured in Azure Front Door.
126-
127-
Azure Front Door doesn't support certificates with elliptic curve (EC) cryptography algorithms.
125+
- **Complete certificate chain:** When you create your TLS/SSL certificate, you must create a complete certificate chain with an allowed certificate authority (CA) that is part of the [Microsoft Trusted CA List](https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT). If you use a non-allowed CA, your request will be rejected. The root CA must be part of the [Microsoft Trusted CA List](https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT). If a certificate without complete chain is presented, the requests that involve that certificate aren't guaranteed to work as expected.
126+
- **Common name:** The common name (CN) of the certificate must match the domain configured in Azure Front Door.
127+
- **Algorithm:** Azure Front Door doesn't support certificates with elliptic curve (EC) cryptography algorithms.
128+
- **File (content) type:** Your certificate must be uploaded to your key vault from a PFX file, which uses the `application/x-pkcs12` content type.
128129

129130
#### Import a certificate to Azure Key Vault
130131

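Review bot: The new **File (content) type** bullet (new line 128) states the PFX / `application/x-pkcs12` requirement but does not tell the reader what to do with a certificate that is already in the key vault under a different content type, or where the failure will show up. Suggest adding one sentence saying that such a certificate has to be re-imported from a PFX file and naming the error or symptom the reader will see otherwise. In the same list, the **Complete certificate chain** bullet carries over two sentences that both say the CA must be on the Microsoft Trusted CA List; since the text is being restructured anyway, merge them and change "without complete chain" to "without a complete chain". The **Common name** bullet mentions only the CN, so it would also help to state whether subject alternative name entries are considered when matching the configured domain.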