You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/application-gateway/ssl-certificate-management.md
+15-2Lines changed: 15 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,12 +43,12 @@ From the list view, you can select the certificate name or three-dot menu option
43
43
44
44
* Changing the key vault association of a certificate – You can change a certificate’s reference from one key vault resource to another. When doing so, ensure the User-Assigned Managed Identity of your application gateway has sufficient access controls on the new key vault.
45
45
46
-
* Renewal of an uploaded certificate – When an existing uploaded certificate is due for renewal, you can upload a new PFX file to update your application gateway.
46
+
* Renewal of an uploaded certificate – When an existing uploaded certificate is due for renewal, you can upload a new PFX file to the existing certificate object of your application gateway.
47
47
48
48
* Changing the certificate type from "key vault" to "uploaded" (or vice-versa) – You can easily transition your certificate provision from the one stored on your Application Gateway to the purpose-built Key Vault service.
49
49
50
50
> [!NOTE]
51
-
> A change in certificate associated with multiple listeners would reflect on all the listeners.
51
+
> A change in certificate associated with multiple listeners would reflect on all the listeners. You can view the individual listener information to identify the related listeners.
52
52
53
53
### Deletion of an SSL certificate
54
54
@@ -66,6 +66,19 @@ There are two primary scenarios when deleting a certificate from portal:
66
66
| Port | The port associated with the listener gets updated to reflect the new state. |
67
67
| Frontend IP | The frontend IP of the gateway gets updated to reflect the new state. |
68
68
69
+
### Bulk update
70
+
The bulk operation feature is helpful for large gateways having multiple SSL certificates for separate listeners. Similar to individual certificate management, this option allows you to change the type from "Uploaded" to "Key Vault" or vice-versa. This utility is also helpful in recovering a gateway when facing misconfigurations for multiple certificate objects simultaneously.
71
+
72
+
To use the Bulk update option,
73
+
1. Choose the certificates to be updated using the checkboxes and select the "Bulk update" menu option.
74
+
75
+
1. On the next page, you can modify the settings for each certificate as needed. Based on your selection in Step 1, you will see different options for Step 2 and Step 3. Thus, it would be best to go step by step for each certificate row. The certificates you see here will be as per your selection. You may use the three-dot menu option to remove a wrongly selected certificate from the list.
76
+
77
+
1. Once all the settings are updated, select Save.
78
+
79
+
> [!NOTE]
80
+
> Be aware of the listeners associated with each certificate when making a bulk change. Depending on your configuration, this single operation could update multiple certificates and many more listeners. Refer to the individual certificate information blade to identify the related listeners.
81
+
69
82
#### Caveats
70
83
71
84
1. You can't delete a certificate object if its associated listener is a redirection target for another listener. Any attempt to do so will return the following error. You can either remove the redirection or delete the dependent listener first to resolve this problem.
0 commit comments