I'm trying to set up an App Gateway to handle http and https traffic to a VM. Adding the http listener/rule was a breeze, but https is giving me trouble.
I have a PEM file uploaded as a certificate to a Key Vault. The file contains the cert, intermediate cert and key. It has no password set.
If I try to assign this certificate to a https listener from the Key Vault I always get the following error:
Data or Password for certificate /subscriptions/{subscription}/resourceGroups/rg-grafana-test/providers/Microsoft.Network/applicationGateways/ag-grafana-test/sslCertificates/https-listenervaultCert is invalid.
From what the Key Vault displays, everything seems present and correct for the PEM file, with one exception. When I look (in Portal) at the properties for the cert, there is an error 'The value must not be empty' shown under the Expiration Date fields. These fields are in fact filled (correctly) and greyed out / non-editable. I tried uploading the PEM again under a different name, but it shows the same error. Not sure if this indicates an actual problem or if it's merely a bug.
Other than that, fields like Subject, Issuer, Alternative Names, etc. all show the expected values.
I ran an OpenSSL cert chain check against the PEM file. This too looks normal:
subject=CN = *.{wildcard-domain-name}
issuer=C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
subject=C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
issuer=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
So, it seems as if the cert is in order, but still not accepted by the Gateway. What could be the cause of this, and what can I do to resolve this?
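A local check of the bundle layout described in the question (leaf certificate, intermediate certificate, one private key with no password), as an added example that is not part of the original post. The function name, the report fields and the sample bundle are constructed for illustration, and the check covers PEM structure only, not certificate contents.

```python
import base64
import re

# One PEM block: BEGIN line, body (optionally with RFC 1421 headers), END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.DOTALL)

def inspect_bundle(pem_text):
    """Summarise a PEM bundle: labels in order, cert/key counts, key encryption."""
    report = {"labels": [], "certificates": 0, "private_keys": 0,
              "encrypted_key": False, "problems": []}
    for label, body in PEM_BLOCK.findall(pem_text.replace("\r\n", "\n")):
        report["labels"].append(label)
        # Legacy OpenSSL keys flag encryption in headers inside the block.
        if "Proc-Type: 4,ENCRYPTED" in body:
            report["encrypted_key"] = True
            body = body.split("\n\n", 1)[-1]  # drop headers, keep base64
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            report["problems"].append(f"{label}: body is not valid base64")
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            report["private_keys"] += 1
            # PKCS#8 encrypted keys are identified by the label itself.
            if label == "ENCRYPTED PRIVATE KEY":
                report["encrypted_key"] = True
    if report["certificates"] < 1:
        report["problems"].append("no certificate found")
    if report["private_keys"] != 1:
        report["problems"].append("expected exactly one private key")
    return report

def _block(label, payload, headers=""):
    """Build a constructed PEM block; the payload is placeholder bytes, not real DER."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed sample matching the layout in the question: leaf, intermediate, key.
SAMPLE = (_block("CERTIFICATE", b"constructed leaf")
          + _block("CERTIFICATE", b"constructed intermediate")
          + _block("PRIVATE KEY", b"constructed key"))

# Constructed counter-example: a password-protected legacy RSA key.
SAMPLE_ENCRYPTED = _block("CERTIFICATE", b"constructed leaf") + _block(
    "RSA PRIVATE KEY", b"constructed key",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")

if __name__ == "__main__":
    print(inspect_bundle(SAMPLE))
```

Running `inspect_bundle` on the text of the uploaded file confirms the block order and whether the key block is encrypted, which the portal's certificate properties do not show.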