Microsoft.Web certificates 2020-10-01

Template format

To create a Microsoft.Web/certificates resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Web/certificates",
  "apiVersion": "2020-10-01",
  "kind": "string",
  "location": "string",
  "tags": {},
  "systemData": {
    "createdBy": "string",
    "createdByType": "string",
    "lastModifiedAt": "string"
  },
  "properties": {
    "hostNames": [
      "string"
    ],
    "pfxBlob": [
      "integer"
    ],
    "password": "string",
    "keyVaultId": "string",
    "keyVaultSecretName": "string",
    "serverFarmId": "string",
    "canonicalName": "string"
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Web/certificates object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes Name of the certificate.
type enum Yes For JSON - Microsoft.Web/certificates
apiVersion enum Yes For JSON - 2020-10-01
kind string No Kind of resource.
location string Yes Resource Location.
tags object No Resource tags.
systemData object No The system metadata relating to this resource. - SystemData object
properties object Yes Certificate resource specific properties - CertificateProperties object

SystemData object

Name Type Required Value
createdBy string No The identity that created the resource.
createdByType enum No The type of identity that created the resource. - User, Application, ManagedIdentity, Key
lastModifiedAt string No The timestamp of resource last modification (UTC)

CertificateProperties object

Name Type Required Value
hostNames array No Host names the certificate applies to. - string
pfxBlob array No Pfx blob. - integer
password string Yes Certificate password.
keyVaultId string No Key Vault Csm resource Id.
keyVaultSecretName string No Key Vault secret name.
serverFarmId string No Resource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}".
canonicalName string No CNAME of the certificate to be issued via free certificate

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create and assign a standard App Service Certificate

Deploy to Azure
Creates a standard App Service Certificate, verifies it using an App service App and creates SSL bindings once the certificate is ready
Create and assign a wildcard App Service Certificate

Deploy to Azure
Creates a wildcard App Service Certificate, verifies it using an App service Domain and creates SSL bindings on an App Service App once the certificate is ready
SSL certificate for an ILB ASE or an ILB ASE v2

Deploy to Azure
Configures the default SSL certificate for an ILB ASE or an ILB ASE v2
Web App integration with Key Vault

Deploy to Azure
Deploy a Web App certificate from Key Vault secret and use it for creating SSL binding
Web App with a custom domain and optional SSL binding

Deploy to Azure
Create a web app and with a custom domain and optionally add SSL certificate for https encryption.