
[QUERY] How to import certificate from KeyVault when creating/updating an AppService (CreateOrUpdateWebSiteResource)?

Open trygvelo opened this issue 5 months ago • 2 comments

Library name and version

Azure.ResourceManager 1.12.0

Query/Question

I cannot find a working way to import a certificate from KeyVault when creating/updating an AppService (WebSite).

I am NOT using the certificate for TLS/SSL host binding. The certificate is used by the application code to authenticate with a database service.

I have tried this:

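using Azure;
using Azure.Identity;
using Azure.ResourceManager.AppService;
using Azure.ResourceManager.AppService.Models;
using Azure.Security.KeyVault.Certificates;

// First set up WebSiteData (a function app in my case)
var webSiteData = new WebSiteData(...);

// Read the certificate (public part and properties) from Key Vault
var certificateClient = new CertificateClient(new Uri(_keyVaultUrl), new DefaultAzureCredential());
KeyVaultCertificateWithPolicy vaultCertificate = await certificateClient.GetCertificateAsync("cert-name");

// Attempt: reference the certificate by thumbprint in a host name SSL state
webSiteData.HostNameSslStates.Add(new HostNameSslState
{
    Name = vaultCertificate.Name,
    ThumbprintString = vaultCertificate.Properties.X509ThumbprintString,
    SslState = HostNameBindingSslState.SniEnabled
});

// Create or update the site with the data above
var webSite = (await resourceGroup.GetWebSites().CreateOrUpdateAsync(
    WaitUntil.Completed,
    "site-name",
    webSiteData
)).Value;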

But it doesn't show up in the app service certificates when browsing the portal under "Bring your own certificates (.pfx)".


I haven't found any example code except code similar to the webSiteData.HostNameSslStates.Add call. If I add the certificate through the portal it works perfectly; I just need to be able to do the same using Azure.ResourceManager.

Environment

No response

trygvelo, Sep 30 '24 13:09