You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/api-management/configure-custom-domain.md
+9-1Lines changed: 9 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -75,7 +75,10 @@ If you already have a private certificate from a third-party provider, you can u
75
75
76
76
We recommend using Azure Key Vault to [manage your certificates](../key-vault/certificates/about-certificates.md) and setting them to `autorenew`.
77
77
78
-
If you use Azure Key Vault to manage a custom domain TLS certificate, make sure the certificate is inserted into Key Vault [as a _certificate_](/rest/api/keyvault/certificates/create-certificate/create-certificate), not a _secret_.
78
+
If you use Azure Key Vault to manage a custom domain TLS certificate, make sure the certificate is inserted into Key Vault [as a ](/rest/api/keyvault/certificates/create-certificate/create-certificate)_[certificate](/rest/api/keyvault/certificates/create-certificate/create-certificate)_, not a _secret_.
79
+
80
+
> [!CAUTION]
81
+
> When using a key vault certificate in API Management, be careful not to delete the certificate, key vault, or managed identity used to access the key vault.
79
82
80
83
To fetch a TLS/SSL certificate, API Management must have the list and get secrets permissions on the Azure Key Vault containing the certificate.
81
84
* When you use the Azure portal to import the certificate, all the necessary configuration steps are completed automatically.
@@ -106,6 +109,8 @@ API Management offers a free, managed TLS certificate for your domain, if you do
106
109
* Does not support root domain names (for example, `contoso.com`). Requires a fully qualified name such as `api.contoso.com`.
107
110
* Can only be configured when updating an existing API Management instance, not when creating an instance
108
111
112
+
113
+
109
114
---
110
115
## Set a custom domain name - portal
111
116
@@ -162,6 +167,8 @@ Choose the steps according to the [domain certificate](#domain-certificate-optio
162
167
> [!NOTE]
163
168
> The process of assigning the certificate may take 15 minutes or more depending on size of deployment. Developer tier has downtime, while Basic and higher tiers do not.
164
169
170
+
171
+
165
172
---
166
173
167
174
## DNS configuration
@@ -199,3 +206,4 @@ You can also get a domain ownership identifier by calling the [Get Domain Owners
199
206
200
207
[Upgrade and scale your service](upgrade-and-scale.md)
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments