Commit fee9727

On branch edburns-MSFT-appGatewayKeyVault https://stackoverflow.microsoft.com/questions/193619
modified: articles/application-gateway/key-vault-certs.md - Emphasize the need for the certificate to be passwordless.
1 parent 72dfcf0 commit fee9727

1 file changed

+4
-1
lines changed

articles/application-gateway/key-vault-certs.md

Lines changed: 4 additions & 1 deletion
@@ -42,7 +42,10 @@ Application Gateway integration with Key Vault requires a three-step configurati
4242

4343
1. **Configure your key vault**
4444

45-
You then either import an existing certificate or create a new one in your key vault. The certificate will be used by applications that run through the application gateway. In this step, you can also use a key vault secret that's stored as a password-less, base 64-encoded PFX file. We recommend using a certificate type because of the autorenewal capability that's available with certificate type objects in the key vault. After you've created a certificate or a secret, you define access policies in the key vault to allow the identity to be granted *get* access to the secret.
45+
You then either import an existing certificate or create a new one in your key vault. The certificate will be used by applications that run through the application gateway. In this step, you can also use a key vault secret that's stored as a password-less, base-64 encoded PFX file. We recommend using a certificate type because of the autorenewal capability that's available with certificate type objects in the key vault. After you've created a certificate or a secret, you define access policies in the key vault to allow the identity to be granted *get* access to the secret.
46+
47+
> [!NOTE]
48+
> If you are deploying the Application Gateway via an ARM template, either using the Azure CLI or PowerShell, or via an Azure Application deployed from the Azure Portal, the SSL certificate stored in the Key Vault as a base-64 encoded PFX file **must be passwordless**. Also, you must follow the steps in the article [Use Azure Key Vault to pass secure parameter value during deployment](../azure-resource-manager/templates/key-vault-parameter.md). It is particularly important to set `enabledForTemplateDeployment` to `true`.
4649
4750
1. **Configure the application gateway**
4851
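
Review bot: The added NOTE (new line 48) requires the PFX to be passwordless but does not say what then protects the private key; a sentence stating that the vault's access policies are the only control on it, and that *get* access should stay limited to the gateway's identity as the paragraph on new line 45 describes, would close that gap. It would also help to say that `enabledForTemplateDeployment` is a property set on the key vault itself, since the note only says to set it to `true`. On wording: the note spells it "passwordless" while new line 45 keeps "password-less", and the change from "base 64-encoded" to "base-64 encoded" moves the hyphen off the compound modifier; "Base64-encoded PFX file" would read correctly in both places. The clause "either using the Azure CLI or PowerShell, or via an Azure Application deployed from the Azure Portal" is hard to parse and could be a short list of deployment paths.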
