Skip to content

Commit b772849

Browse files
JackStrombergJackStromberg
authored
Adding tip to docs to force certificate rotation
Adding tip to docs to force certificate rotation
1 parent cc6e9fe commit b772849

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

articles/application-gateway/key-vault-certs.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,10 @@ Application Gateway integration with Key Vault offers many benefits, including:
3131

3232
Application Gateway currently supports software-validated certificates only. Hardware security module (HSM)-validated certificates are not supported.
3333

34-
After Application Gateway is configured to use Key Vault certificates, its instances retrieve the certificate from Key Vault and install them locally for TLS termination. The instances poll Key Vault at four-hour intervals to retrieve a renewed version of the certificate, if it exists. If an updated certificate is found, the TLS/SSL certificate that's currently associated with the HTTPS listener is automatically rotated.
34+
After Application Gateway is configured to use Key Vault certificates, its instances retrieve the certificate from Key Vault and install them locally for TLS termination. The instances poll Key Vault at four-hour intervals to retrieve a renewed version of the certificate, if it exists. If an updated certificate is found, the TLS/SSL certificate that's currently associated with the HTTPS listener is automatically rotated.
35+
36+
> [!TIP]
37+
> Any change to Application Gateway will force a check against Key Vault to see if any new versions of certificates are available. This includes, but not limited to, changes to Frontend IP Configurations, Listeners, Rules, Backend Pools, Resource Tags, and more. If an updated certificate is found, the new certificate will immediately be presented.
3538
3639
Application Gateway uses a secret identifier in Key Vault to reference the certificates. For Azure PowerShell, the Azure CLI, or Azure Resource Manager, we strongly recommend that you use a secret identifier that doesn't specify a version. This way, Application Gateway will automatically rotate the certificate if a newer version is available in your key vault. An example of a secret URI without a version is `https://myvault.vault.azure.net/secrets/mysecret/`.
3740

0 commit comments

Comments
 (0)