Renew Application Gateway certificates
At some point, you'll need to renew your certificates if you configured your application gateway for TLS/SSL encryption.
You can renew a certificate associated with a listener using the Azure portal, Azure PowerShell, or Azure CLI.
To renew a listener certificate from the portal, navigate to your application gateway listeners. Click the listener that has a certificate that needs to be renewed, and then click Renew or edit selected certificate.
Upload your new PFX certificate, give it a name, type the password, and then click Save.
This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.
To renew your certificate using Azure PowerShell, use the following script:
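```powershell
# Load the current gateway configuration.
$appgw = Get-AzApplicationGateway `
  -ResourceGroupName <ResourceGroup> `
  -Name <AppGatewayName>

# Convert the PFX password to a SecureString.
$password = ConvertTo-SecureString `
  -String "<password>" `
  -Force `
  -AsPlainText

# Replace the existing certificate (same name) with the new PFX file.
Set-AzApplicationGatewaySslCertificate -Name <oldcertname> `
  -ApplicationGateway $appgw -CertificateFile <newcertPath> -Password $password

# Push the updated configuration to the gateway.
Set-AzApplicationGateway -ApplicationGateway $appgw
```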
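As an added example (not part of the original article or its script), the same renewal can be wrapped in a function that opens the new PFX locally before changing the gateway and takes the password as a SecureString from a prompt rather than a literal in the script. The function name, its parameters, the 30-day validity threshold and the resource names in the usage comment are assumptions.

```powershell
# Added example; the function name, parameters and 30-day threshold are assumptions.
function Update-AppGwListenerCertificate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $GatewayName,
        [Parameter(Mandatory)] [string] $CertificateName,   # certificate being renewed
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password,
        [int] $MinDaysValid = 30
    )

    # Open the PFX locally first: a wrong password or corrupt file throws here,
    # before the gateway configuration is touched.
    $full = (Resolve-Path -LiteralPath $PfxPath).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
    try {
        $now = Get-Date
        if (-not $cert.HasPrivateKey) { throw "PFX '$full' contains no private key." }
        if ($cert.NotBefore -gt $now) { throw "Certificate is not valid until $($cert.NotBefore)." }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
            throw "Certificate expires $($cert.NotAfter), less than $MinDaysValid days away."
        }
        $summary = "{0} (thumbprint {1}, expires {2:yyyy-MM-dd})" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter
    }
    finally { $cert.Dispose() }

    $appgw = Get-AzApplicationGateway -ResourceGroupName $ResourceGroupName -Name $GatewayName
    if ($appgw.SslCertificates.Name -notcontains $CertificateName) {
        throw "Gateway '$GatewayName' has no certificate named '$CertificateName'."
    }

    if ($PSCmdlet.ShouldProcess("$GatewayName/$CertificateName", "Replace with $summary")) {
        $appgw = Set-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
            -Name $CertificateName -CertificateFile $full -Password $Password
        Set-AzApplicationGateway -ApplicationGateway $appgw
    }
}

# Usage (constructed resource names); -WhatIf shows the change without applying it.
# $pw = Read-Host -Prompt 'PFX password' -AsSecureString
# Update-AppGwListenerCertificate -ResourceGroupName rg-example -GatewayName appgw-example `
#     -CertificateName listener-cert -PfxPath .\new.pfx -Password $pw -WhatIf
```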
To renew your certificate using Azure CLI, use the following command:
```azurecli
az network application-gateway ssl-cert update \
  -n "<CertName>" \
  --gateway-name "<AppGatewayName>" \
  -g "<ResourceGroupName>" \
  --cert-file <PathToCerFile> \
  --cert-password "<password>"
```
To learn how to configure TLS Offloading with Azure Application Gateway, see Configure TLS Offload.