Asked by ChittybabuV-6136

Azure – Front Door, Custom Domain - BYOC Secret is not listing certificates from Azure Key Vault

I'm trying to set up a custom domain in Azure Front Door using a "GoDaddy" issued certificate. I followed the steps given in the Microsoft links below.

https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain
https://docs.microsoft.com/en-us/azure/key-vault/certificates/tutorial-import-certificate?tabs=azure-portal

Note that there is no firewall enabled on the Key Vault, the Service Principal has been added, the access policy is set (Get & List for Secrets & Certificates), and my account also has full access to the Key Vault.

After successfully adding the certificate to the Key Vault, I'm not getting the Key Vault list in "Secret" under BYOC.

Has anyone experienced a similar issue? Please advise. Thanks.

[attachment: 198164-keyvault-accesspolicy.png]


azure-front-door

@ChittybabuV-6136
Thank you for the quick follow up and for sharing the screenshots!

Since you were able to successfully import your certificate into the Azure Key Vault, and it looks like the term "Secret" with AFD, is referring to the actual Secrets Tab within Azure Front Door, I've reached out to our Azure Front Door team to take a look into this issue.

[attachment: 198615-image.png]



Please allow some time for their community and team to take a closer look into your issue.
Thank you for your time and patience throughout this issue!


@ChittybabuV-6136
Thank you for your post!

  • After adding your certificate to your Key Vault, can you expand on what you mean by you aren't getting the Key Vault List in "Secret" under BYOC?

  • Are you receiving any error messages that you can share?


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Thanks James for the response.

The message says "no available items".

To add to the post, I could successfully add the certificate from Key Vault to the Front Door profile, and "Secrets" shows the Key Vault certificate as a value.

But when I go to the custom domain of the Front Door, the secret value is not listed in the BYOC "Secret" list. I expect to see the value from the Front Door profile "Secret" in BYOC so that I can add it, but it isn't there.

Please refer to the screenshots.

[attachment: 198405-frontdoor-profile-imported-certificate.pdf]




LuisRodriguez-MSFT answered

Hello @ChittybabuV-6136

I've seen cases where the certificate was not being applied properly on the Front Door after being updated on the Key Vault side.
The workaround would be to "trick" the Front Door by running a PUT operation to deploy the latest certificate again.

For that you have to go to the Front Door custom domain configuration page and make any change to any of the settings.
Once done, you can revert your change back to the original settings.

NOTE: redeploying the certificate globally can take some hours.

I hope this helps


Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


Hello @ChittybabuV-6136

If the proposed plan didn't work and the documentation has been followed without hitting issues, I would recommend raising a support ticket so that the experts can check whether there is a sync issue between Front Door and Key Vault.


Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


Thanks Luis for the workaround.

I've tried making some changes to the custom domain settings by reconfiguring them, but it didn't help.
I also tried cleaning up everything and then adding the Key Vault certificate to the FD profile secret, followed by creating a new custom domain, but no luck.

Any other suggestions, please?


ChittybabuVenkidusamyTSA-6122 answered

The issue has been sorted out! The issue was with the certificate. I had the wrong wildcard certificate for the custom domain. After attaching the correct wildcard certificate, FD is able to show the list under BYOC.

@LuisRodriguez-MSFT @JamesTran-MSFT - Thank you so much for the support.
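The resolution above comes down to a hostname-matching rule: a wildcard such as `*.contoso.com` covers exactly one DNS label, so it does not cover the apex `contoso.com` or a deeper name like `app.eu.contoso.com`, and a certificate that does not cover the custom domain is not a usable BYOC secret for it. The following Python script is an added example, not code from the thread or from Azure; it implements the standard wildcard rule (RFC 6125 style) over constructed SAN lists so you can check a certificate's DNS names against a custom domain before importing it into Key Vault. The SAN lists, domain names and the `check_certificate` helper are all hypothetical.

```python
"""Check whether a certificate's SAN DNS names cover a Front Door custom domain.

Added example (not Azure or thread code). All names below are constructed.
Rules implemented (RFC 6125 style):
  * comparison is case-insensitive and ignores a trailing dot;
  * a wildcard must be the entire leftmost label ("*.example.com");
  * the wildcard matches exactly one label, so "*.example.com" covers
    "www.example.com" but not "example.com" or "a.b.example.com";
  * "*.com" style patterns (fewer than two labels after the wildcard) are rejected.
"""
from typing import Iterable, Optional, Tuple


def _normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so 'WWW.Contoso.COM.' == 'www.contoso.com'."""
    return name.strip().lower().rstrip(".")


def _wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the SAN entry `pattern` covers `hostname`."""
    pattern, hostname = _normalize(pattern), _normalize(hostname)
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard only as the whole leftmost label, nowhere else, and not too broad.
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lbl for lbl in p_labels[1:]):
        return False
    # Exactly one label is matched by '*': label counts must be equal.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[0] != "" and h_labels[1:] == p_labels[1:]


def covering_name(san_dns_names: Iterable[str], custom_domain: str) -> Optional[str]:
    """Return the SAN entry that covers custom_domain, or None if nothing does."""
    for name in san_dns_names:
        if _wildcard_matches(name, custom_domain):
            return name
    return None


def check_certificate(san_dns_names: Iterable[str], custom_domain: str) -> Tuple[bool, str]:
    """Hypothetical helper: (ok, reason) for a certificate against a custom domain."""
    sans = list(san_dns_names)
    match = covering_name(sans, custom_domain)
    if match is not None:
        return True, f"'{match}' covers '{custom_domain}'"
    return False, (f"none of {sans} covers '{custom_domain}'; a wildcard covers only "
                   "one label and never the apex name itself")


if __name__ == "__main__":
    # Constructed sample data mirroring the thread: a wrong wildcard, then the right one.
    custom_domain = "app.eu.contoso.com"
    wrong_cert_sans = ["*.contoso.com", "contoso.com"]
    right_cert_sans = ["*.eu.contoso.com"]
    for label, sans in (("wrong wildcard", wrong_cert_sans), ("correct wildcard", right_cert_sans)):
        ok, reason = check_certificate(sans, custom_domain)
        print(f"{label:17s} -> {'OK ' if ok else 'FAIL'}: {reason}")
```

Run the script and the "wrong wildcard" certificate fails while the "correct wildcard" one passes; the same check applied to your own certificate's SAN list tells you before import whether Front Door has any certificate to list for that custom domain.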


