Merge pull request #299851 from v-albemi/ca-certificates

Freshness Edit: Azure API Management

Author: denrea

articles/api-management/api-management-howto-ca-certificates.md

@@ -1,56 +1,57 @@
 ---
-title: Add a custom CA certificate - Azure API Management | Microsoft Docs
-description: Learn how to add a custom CA certificate in Azure API Management. You can also see instructions to delete a certificate.
+title: Add a Custom CA Certificate - API Management | Microsoft Docs
+description: Learn how to add a custom CA certificate in Azure API Management. Also learn how to delete a certificate.
 services: api-management
 author: dlepow
 
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 06/01/2021
+ms.date: 05/16/2025
 ms.author: danlep 
 ms.custom:
+
+#customer intent: As an API developer, I want to add a custom CA certificate in API Management. 
 ---
 
 # How to add a custom CA certificate in Azure API Management
 
-[!INCLUDE [api-management-availability-premium-dev-standard-basic-no-v2](../../includes/api-management-availability-premium-dev-standard-basic-no-v2.md)]
+**APPLIES TO: Developer | Basic | Standard | Premium**
 
-Azure API Management allows installing CA certificates on the machine inside the trusted root and intermediate certificate stores. This functionality should be used if your services require a custom CA certificate.
+Azure API Management allows you to install CA certificates on the machine inside the trusted root and intermediate certificate stores. You should use this functionality if your services require a custom CA certificate.
 
-The article shows how to manage CA certificates of an Azure API Management service instance in the Azure portal. For example, if you use self-signed client certificates, you can upload custom trusted root certificates to API Management. 
+This article shows how to manage CA certificates of an API Management instance in the Azure portal. For example, if you use self-signed client certificates, you can upload custom trusted root certificates to API Management. 
 
-CA certificates uploaded to API Management can only be used for certificate validation by the managed API Management gateway. If you use the [self-hosted gateway](self-hosted-gateway-overview.md), learn how to [create a custom CA for self-hosted gateway](#create-custom-ca-for-self-hosted-gateway), later in this article.
+CA certificates uploaded to API Management can be used for certificate validation only by the managed API Management gateway. If you use the [self-hosted gateway](self-hosted-gateway-overview.md), you can learn how to [create a custom CA for self-hosted gateway](#create-custom-ca-for-a-self-hosted-gateway) later in this article.
 
 [!INCLUDE [api-management-workspace-availability](../../includes/api-management-workspace-availability.md)]
 
 [!INCLUDE [updated-for-az](~/reusable-content/ce-skilling/azure/includes/updated-for-az.md)]
 
 
-## <a name="step1"> </a>Upload a CA certificate
+## Upload a CA certificate
 
-:::image type="content" source="media/api-management-howto-ca-certificates/00.png" alt-text="CA certificates in the Azure portal":::
+Complete the following steps to upload a new CA certificate. If you haven't created an API Management instance yet, see [Create an API Management service instance](get-started-create-service-instance.md).
 
-Follow the steps below to upload a new CA certificate. If you have not created an API Management service instance yet, see the tutorial [Create an API Management service instance](get-started-create-service-instance.md).
+1. Go to your Azure API Management instance in the Azure portal.
 
-1. Navigate to your Azure API Management service instance in the Azure portal.
+1. In the left menu, under **Security**, select **Certificates**. On the **Certificates** page, select **CA certificates** > **+ Add**.
 
-1. In the menu, under **Security**, select **Certificates > CA certificates > + Add**.
+1. In the **Upload CA certificate** window, select the file icon and browse for the certificate .cer file. In the **Store** box, select a certificate store. Only the public key is needed, so the password is optional.
 
-1. Browse for the certificate .cer file and decide on the certificate store. Only the public key is needed, so the password is optional.
+    :::image type="content" source="media/api-management-howto-ca-certificates/02.png" alt-text="Screenshot that shows the steps for adding a CA certificate in the Azure portal." lightbox="media/api-management-howto-ca-certificates/02.png"::: 
 
-    :::image type="content" source="media/api-management-howto-ca-certificates/02.png" alt-text="Add CA certificate in the Azure portal"::: 
-1. Select **Save**. This operation may take a few minutes.
+1. Select the **Add** button at the bottom of the window, and then select **Save**. This operation might take a few minutes.
 
 > [!NOTE]
-> You can also upload a CA certificate using the `New-AzApiManagementSystemCertificate` PowerShell command.
+> You can also upload a CA certificate by using the `New-AzApiManagementSystemCertificate` PowerShell command.
 
-## <a name="step1a"> </a>Delete a CA certificate
+## Delete a CA certificate
 
-Select the certificate, and select **Delete** in the context menu (**...**).
+Select the certificate, and then select **Delete** in the **...** menu.
 
-## Create custom CA for self-hosted gateway 
+## Create custom CA for a self-hosted gateway 
 
-If you use a [self-hosted gateway](self-hosted-gateway-overview.md), validation of server and client certificates using CA root certificates uploaded to API Management service is not supported. To establish trust, configure a specific client certificate so that it's trusted by the gateway as a custom certificate authority.
+If you use a [self-hosted gateway](self-hosted-gateway-overview.md), validation of server and client certificates via CA root certificates uploaded to API Management service isn't supported. To establish trust, configure a specific client certificate so that it's trusted by the gateway as a custom certificate authority.
 
 Use the [Gateway Certificate Authority](/rest/api/apimanagement/current-ga/gateway-certificate-authority) REST APIs to create and manage custom CAs for a self-hosted gateway. To create a custom CA:
 

articles/api-management/api-management-howto-configure-custom-domain-gateway.md

@@ -55,7 +55,7 @@ Add a custom domain certificate (.PFX) file to your API Management instance, or
 9. Select **Add** to assign the custom domain name to the selected self-hosted gateway.
 
 > [!NOTE]
-> If clients connecting to the self-hosted gateway using the custom domain expect to be presented with all intermediate certificates in the chain, you must upload individual CA certificates to your API Management Service and associate them with the self-hosted gateway. For instructions on how to achieve this, see [Create custom CA for self-hosted gateway](api-management-howto-ca-certificates.md#create-custom-ca-for-self-hosted-gateway) .
+> If clients connecting to the self-hosted gateway using the custom domain expect to be presented with all intermediate certificates in the chain, you must upload individual CA certificates to your API Management Service and associate them with the self-hosted gateway. For instructions on how to achieve this, see [Create custom CA for self-hosted gateway](api-management-howto-ca-certificates.md#create-custom-ca-for-a-self-hosted-gateway) .
 ## Related content
 
 [Upgrade and scale your service](upgrade-and-scale.md)