Merge pull request #114663 from mike-urnun-msft/patch-134

PRMerger19 · web-flow · commit 0b47cc7834fd · 2020-05-09T17:54:03.000-07:00
(Azure CXP) more context on Key Vault certificates
diff --git a/articles/api-management/configure-custom-domain.md b/articles/api-management/configure-custom-domain.md
@@ -68,12 +68,12 @@ To perform the steps described in this article, you must have:
     > Wildcard domain names, e.g. `*.contoso.com` are supported in all tiers except the Consumption tier.
 
     > [!TIP]
-    > We recommend using Azure Key Vault for managing certificates and setting them to autorotate.
+    > We recommend using [Azure Key Vault for managing certificates](https://docs.microsoft.com/azure/key-vault/certificates/about-certificates) and setting them to autorenew.
     > If you use Azure Key Vault to manage the custom domain TLS/SSL certificate, make sure the certificate is inserted into Key Vault [as a _certificate_](https://docs.microsoft.com/rest/api/keyvault/CreateCertificate/CreateCertificate), not a _secret_.
     >
     > To fetch a TLS/SSL certificate, API Management must have the list and get secrets permissions on the Azure Key Vault containing the certificate. When using Azure portal all the necessary configuration steps will be completed automatically. When using command line tools or management API, these permissions must be granted manually. This is done in two steps. First, use Managed identities page on your API Management instance to make sure that Managed Identity is enabled and make a note of the principal id shown on that page. Second, give permission list and get secrets permissions to this principal id on the Azure Key Vault containing the certificate.
     >
-    > If the certificate is set to autorotate, API Management will pick up the latest version automatically without any downtime to the service (if your API Management tier has SLA - i. e. in all tiers except the Developer tier).
+    > If the certificate is set to autorenew, API Management will pick up the latest version automatically without any downtime to the service (if your API Management tier has SLA - i. e. in all tiers except the Developer tier).
 
 1. Click Apply.
 

Original file line number	Diff line number	Diff line change
`@@ -68,12 +68,12 @@ To perform the steps described in this article, you must have:`
`68`	`68`	> Wildcard domain names, e.g. `*.contoso.com` are supported in all tiers except the Consumption tier.
`69`	`69`
`70`	`70`	`> [!TIP]`
`71`		`- > We recommend using Azure Key Vault for managing certificates and setting them to autorotate.`
	`71`	`+ > We recommend using [Azure Key Vault for managing certificates](https://docs.microsoft.com/azure/key-vault/certificates/about-certificates) and setting them to autorenew.`
`72`	`72`	`> If you use Azure Key Vault to manage the custom domain TLS/SSL certificate, make sure the certificate is inserted into Key Vault [as a _certificate_](https://docs.microsoft.com/rest/api/keyvault/CreateCertificate/CreateCertificate), not a _secret_.`
`73`	`73`	`>`
`74`	`74`	> To fetch a TLS/SSL certificate, API Management must have the list and get secrets permissions on the Azure Key Vault containing the certificate. When using Azure portal all the necessary configuration steps will be completed automatically. When using command line tools or management API, these permissions must be granted manually. This is done in two steps. First, use Managed identities page on your API Management instance to make sure that Managed Identity is enabled and make a note of the principal id shown on that page. Second, give permission list and get secrets permissions to this principal id on the Azure Key Vault containing the certificate.
`75`	`75`	`>`
`76`		`- > If the certificate is set to autorotate, API Management will pick up the latest version automatically without any downtime to the service (if your API Management tier has SLA - i. e. in all tiers except the Developer tier).`
	`76`	`+ > If the certificate is set to autorenew, API Management will pick up the latest version automatically without any downtime to the service (if your API Management tier has SLA - i. e. in all tiers except the Developer tier).`
`77`	`77`
`78`	`78`	`1. Click Apply.`
`79`	`79`