How can we improve Azure Networking?

← Networking

Support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway

Azure Web Apps support the ability to store an SSL certificate in a Key Vault secret. A certificate resource can be created that references the Key Vault secret. The App service will periodically check for an updated SSL certificate in the Key Vault. The Application Gateway needs to have the same support for storing the SSL certificates in the Key Vault. It should be able to reference a Key Vault secret that contains the SSL certificate in the listener and backend HTTP settings configuration. This capability will allow the management of SSL certificates for Application Gateway and the Web Apps in a single place.

191 votes

Vote

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Mike Webber shared this idea · Aug 29, 2017 · Flag idea as inappropriate… · Admin →

planned ·

AdminAzure Networking Team (Admin, Microsoft Azure) responded · Feb 23, 2018

We are planning to support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on AppGw

13 comments

Add a comment…

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Greg Lloyd commented · October 7, 2018 11:02 AM · Flag as inappropriate

Updates? This is a seriously needed feature. Especially for automation to prevent downtime for applications.
Corey Zwart commented · August 8, 2018 12:36 PM · Flag as inappropriate

Any updates? Would love to be able to administer the certificates in a central place rather than every deployed Application Gateway.
John Gilmartin commented · July 30, 2018 4:43 AM · Flag as inappropriate

Pleased to see this is on the roadmap but disappointed to see that it has been so since 2016 and yet still not available. With this item and very similar one https://feedback.azure.com/forums/217313-networking/suggestions/17205926-integration-with-key-vault-certificates there is plenty of demand, us included.
Max Khon commented · July 17, 2018 4:21 AM · Flag as inappropriate

+1
Jens Peter Secher commented · July 16, 2018 12:55 AM · Flag as inappropriate

+1
Richard J commented · July 5, 2018 4:43 AM · Flag as inappropriate

Hi Microsoft,

What is the ETA for this?
Joe H commented · June 14, 2018 9:12 PM · Flag as inappropriate

SSL certificate private key portions are CONSTANTLY exposed on some DevOps workstation, because App Services don't support the generation of a CSR.

KeyVault supports that -- but when I create an SSL certificate via KeyVault, I can't use it directly in an AppService without allowing the entire certificate to be exported - with its private key portion.

Back to square one.

Besides, I'd like my HTTPS certificate to be HSM-backed.

It seems like I'm asking for too much. But at the very least, allow me to use non-exportable HTTPS certificates for Azure-based web sites, where the private key NEVER has to be on a DevOps person's workstation. That's just unnecessary attack surface.
Jev commented · May 2, 2018 2:22 AM · Flag as inappropriate

Hi Azure Networking team. Key Vault integration would be a welcome addition. Especially when using ARM deployment model. Hence an ETA would be greatly appreciated!
Anonymous commented · March 27, 2018 6:31 AM · Flag as inappropriate

Hello, Azure Networking team. By when we can expect Key Vault support i Application Gateway?
Moim Hossain commented · March 12, 2018 3:21 AM · Flag as inappropriate

Is there any ETA for this?
Moim Hossain commented · March 12, 2018 3:20 AM · Flag as inappropriate

+1
Anonymous commented · February 28, 2018 6:56 AM · Flag as inappropriate

+1
KevBow commented · February 27, 2018 1:53 PM · Flag as inappropriate

We really need this too. Any ideas on timings in that plan ? Q1/Q2/2019?

Networking: Application Gateway

Post a new idea…
All ideas
My feedback
Application Gateway 81
Azure Firewall 1
Azure Front Door Service 3
Bugs 1
Content Delivery Network 1
Domain Name Service (DNS, Traffic Manager) 53
ExpressRoute 19
IP addresses 12
IPv6 7
Load Balancing 25
Network Watcher 26
Other 8
Security (ACLs, Firewalls, Intrusion Detection) 66
Speed/Bandwidth 3
Virtual Networks (VNET) 54
VPN Connectivity (Point-to-Site, Site-to-Site) 42

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,599 ideas
- Additional Services 169 ideas
- Analytics Platform System 8 ideas
- API Apps 0 ideas
- API Management 335 ideas
- Application Insights 392 ideas
- Automation 352 ideas
- Azure Active Directory 2,186 ideas
- Azure Active Directory Application Requests 176 ideas
- Azure Alert Management 39 ideas
- Azure Analysis Services 107 ideas
- Azure Backup 278 ideas
- Azure Bot Service 31 ideas
- Azure Cloud Shell 112 ideas
- Azure Container Instances 39 ideas
- Azure Container Registry 36 ideas
- Azure Cosmos DB 331 ideas
- Azure CycleCloud 0 ideas
- Azure Data Explorer 6 ideas
- Azure Database for MariaDB 1 idea
- Azure Database for MySQL 36 ideas
- Azure Database for PostgreSQL 63 ideas
- Azure Database Migration Service 11 ideas
- Azure Databricks 27 ideas
- Azure DDoS Protection 6 ideas
- Azure Digital Twins 0 ideas
- Azure Event Grid 32 ideas
- Azure Functions 145 ideas
- Azure Governance 13 ideas
- Azure Government 71 ideas
- Azure IoT 190 ideas
- Azure IoT Central 28 ideas
- Azure IoT Edge 34 ideas
- Azure IoT Solution Accelerators 0 ideas
- Azure Key Vault 47 ideas
- Azure Kubernetes Service (AKS) 49 ideas
- Azure Management Groups 5 ideas
- Azure Maps 27 ideas
- Azure Marketplace 344 ideas
- Azure Media Services 211 ideas
- Azure Migrate 14 ideas
- Azure mobile app 158 ideas
- Azure Monitor 3 ideas
- Azure Pack 281 ideas
- Azure portal 2,313 ideas
- Azure Resource Manager 352 ideas
- Azure Search 195 ideas
- Azure Security Center 109 ideas
- Azure SignalR Service 1 idea
- Azure Sphere 11 ideas
- Azure Stack 95 ideas
- Azure TCO Calculator 24 ideas
- Batch 32 ideas
- Batch AI 7 ideas
- Biztalk Services 23 ideas
- Blockchain 27 ideas
- Cache 33 ideas
- CDN 64 ideas
- Cloud Services (Web and Worker Role) 259 ideas
- Cost Management 82 ideas
- Customer Insights 13 ideas
- Data Catalog 86 ideas
- Data Factory 486 ideas
- Data Lake 310 ideas
- Data Science VM 16 ideas
- DevTest Labs 198 ideas
- Diagnostics and Monitoring 161 ideas
- Event Hubs 2 ideas
- Global Infrastructure 11 ideas
- HDInsight 104 ideas
- Log Analytics 755 ideas
- Logic Apps 965 ideas
- Machine Learning 388 ideas
- Mobile Engagement 19 ideas
- Networking 424 ideas
- Notification Hubs 36 ideas
- Scheduler 44 ideas
- Scripting and Command Line Tools 82 ideas
- SDK and Tools 119 ideas
- Security and Compliance 60 ideas
- Service Bus 149 ideas
- Service Fabric 245 ideas
- Signup and Billing 839 ideas
- Site Recovery 181 ideas
- SQL Data Sync 63 ideas
- SQL Data Warehouse 208 ideas
- SQL Database 425 ideas
- SQL Managed Instance 22 ideas
- SQL Server 8,467 ideas
- Storage 456 ideas
- StorSimple 43 ideas
- Stream Analytics 213 ideas
- Support Feedback 216 ideas
- System Center Data Protection Manager 86 ideas
- Update Management 82 ideas
- Virtual Machines 1,122 ideas
- Web Apps 167 ideas
Microsoft Azure