Certificate in KeyVault Persistence?

Marc George 171 Reputation points
2021-09-25T13:00:20.253+00:00

An existing app service has an Azure certificate assigned which, from my understanding, is stored in the key vault. If I examine the key vault's certificates, it is not listed. However, if a PowerShell keyvault command is executed against the certificate, which I am interested in, it does not error, indicating to me that it is in the vault.

I want to totally replace the app service, i.e. delete and create a new one. I want to use the current certificate in the new service. Will the current service deletion delete the certificate from the vault?


Accepted answer
  1. SnehaAgrawal-MSFT 18,366 Reputation points
    2021-09-28T11:48:04.903+00:00

    Thanks! The free certificate is issued by DigiCert. So if you delete the App Service, the certificate will also be deleted. As it's mentioned in the document:

    The free App Service managed certificate is a turn-key solution for securing your custom DNS name in App Service. It's a TLS/SSL server certificate that's fully managed by App Service and renewed continuously and automatically in six-month increments, 45 days before expiration. You create the certificate and bind it to a custom domain, and let App Service do the rest.

    The free certificate comes with the following limitations:
    • Does not support wildcard certificates.
    • Does not support usage as a client certificate by certificate thumbprint (removal of certificate thumbprint is planned).
    • Is not exportable.
    • Is not supported on App Service not publicly accessible.
    • Is not supported on App Service Environment (ASE).
    • Is not supported with root domains that are integrated with Traffic Manager.
    • If a certificate is for a CNAME-mapped domain, the CNAME must be mapped directly to <app-name>.azurewebsites.net.

    Since this is free of cost, once you have deleted your old app service you can assign another certificate to the newly created app service.
    To secure a custom domain with this certificate, you need to create a certificate binding for the new app service.

    Helpful document links:

    https://learn.microsoft.com/en-gb/azure/app-service/configure-ssl-certificate#create-a-free-managed-certificate
    https://learn.microsoft.com/en-gb/azure/app-service/configure-ssl-bindings#secure-a-custom-domain

    Let us know if you have further questions on this or if the issue remains.
