How can we improve Azure Networking?

← Networking

Support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway

Azure Web Apps support the ability to store an SSL certificate in a Key Vault secret. A certificate resource can be created that references the Key Vault secret. The App service will periodically check for an updated SSL certificate in the Key Vault. The Application Gateway needs to have the same support for storing the SSL certificates in the Key Vault. It should be able to reference a Key Vault secret that contains the SSL certificate in the listener and backend HTTP settings configuration. This capability will allow the management of SSL certificates for Application Gateway and the Web Apps in a single place.

113 votes

Vote

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Mike Webber shared this idea · August 29, 2017 · Flag idea as inappropriate… · Admin →

planned ·

AdminAzure Networking Team (Admin, Microsoft Azure) responded · February 23, 2018

We are planning to support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on AppGw

7 comments

Add a comment…

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Joe H commented · June 14, 2018 21:12 · Flag as inappropriate

SSL certificate private key portions are CONSTANTLY exposed on some DevOps workstation, because App Services don't support the generation of a CSR.

KeyVault supports that -- but when I create an SSL certificate via KeyVault, I can't use it directly in an AppService without allowing the entire certificate to be exported - with its private key portion.

Back to square one.

Besides, I'd like my HTTPS certificate to be HSM-backed.

It seems like I'm asking for too much. But at the very least, allow me to use non-exportable HTTPS certificates for Azure-based web sites, where the private key NEVER has to be on a DevOps person's workstation. That's just unnecessary attack surface.
Jev commented · May 02, 2018 02:22 · Flag as inappropriate

Hi Azure Networking team. Key Vault integration would be a welcome addition. Especially when using ARM deployment model. Hence an ETA would be greatly appreciated!
Anonymous commented · March 27, 2018 06:31 · Flag as inappropriate

Hello, Azure Networking team. By when we can expect Key Vault support i Application Gateway?
Moim Hossain commented · March 12, 2018 03:21 · Flag as inappropriate

Is there any ETA for this?
Moim Hossain commented · March 12, 2018 03:20 · Flag as inappropriate

+1
Anonymous commented · February 28, 2018 06:56 · Flag as inappropriate

+1
KevBow commented · February 27, 2018 13:53 · Flag as inappropriate

We really need this too. Any ideas on timings in that plan ? Q1/Q2/2019?

Networking: Application Gateway

Post a new idea…
All ideas
My feedback
Application Gateway 71
Bugs 1
Domain Name Service (DNS, Traffic Manager) 47
ExpressRoute 15
IP addresses 10
IPv6 7
Load Balancing 23
Network Watcher 17
Other 6
Security (ACLs, Firewalls, Intrusion Detection) 58
Speed/Bandwidth 3
Virtual Networks (VNET) 46
VPN Connectivity (Point-to-Site, Site-to-Site) 38

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 2,691 ideas
- Additional Services 167 ideas
- Analytics Platform System 7 ideas
- API Apps 0 ideas
- API Management 290 ideas
- Application Insights 339 ideas
- Automation 331 ideas
- Azure Active Directory 1,813 ideas
- Azure Active Directory Application Requests 168 ideas
- Azure Alert Management 33 ideas
- Azure Analysis Services 91 ideas
- Azure Backup and SCDPM 396 ideas
- Azure Bot Service 24 ideas
- Azure Cloud Shell 86 ideas
- Azure Container Instances 33 ideas
- Azure Container Registry 26 ideas
- Azure Cosmos DB 307 ideas
- Azure Cosmos DB: DocumentDB API 4 ideas
- Azure Cosmos DB: Graph API 1 idea
- Azure Cosmos DB: MongoDB API 0 ideas
- Azure Cosmos DB: Table API 0 ideas
- Azure Database for MySQL 31 ideas
- Azure Database for PostgreSQL 61 ideas
- Azure Database Migration Service 6 ideas
- Azure Databricks 15 ideas
- Azure DDoS Protection 6 ideas
- Azure Event Grid 25 ideas
- Azure Functions 133 ideas
- Azure Government 65 ideas
- Azure IoT 161 ideas
- Azure IoT Central 2 ideas
- Azure IoT Edge 33 ideas
- Azure Key Vault 38 ideas
- Azure Management Groups 2 ideas
- Azure Maps 6 ideas
- Azure Marketplace 332 ideas
- Azure Media Services 202 ideas
- Azure Migrate 11 ideas
- Azure mobile app 135 ideas
- Azure Pack 244 ideas
- Azure portal 2,035 ideas
- Azure Resource Manager 325 ideas
- Azure Search 216 ideas
- Azure Security Center 83 ideas
- Azure Stack 79 ideas
- Azure TCO Calculator 22 ideas
- Batch 25 ideas
- Batch AI 4 ideas
- Biztalk Services 23 ideas
- Blockchain 22 ideas
- Cache 29 ideas
- CDN 63 ideas
- Cloud Services (Web and Worker Role) 257 ideas
- Cost Management 70 ideas
- Customer Insights 13 ideas
- Data Catalog 65 ideas
- Data Factory 389 ideas
- Data Lake 298 ideas
- Data Science VM 13 ideas
- DevTest Labs 175 ideas
- Diagnostics and Monitoring 146 ideas
- Event Hubs 0 ideas
- Global Infrastructure 9 ideas
- HDInsight 93 ideas
- Log Analytics 743 ideas
- Logic Apps 906 ideas
- Machine Learning 355 ideas
- Mobile Engagement 19 ideas
- Networking 357 ideas
- Notification Hubs 31 ideas
- Scheduler 44 ideas
- Scripting and Command Line Tools 82 ideas
- SDK and Tools 103 ideas
- Security and Compliance 50 ideas
- Service Bus 135 ideas
- Service Fabric 229 ideas
- Signup and Billing 754 ideas
- Site Recovery 157 ideas
- SQL Data Sync 61 ideas
- SQL Data Warehouse 186 ideas
- SQL Database 394 ideas
- SQL Server 8,131 ideas
- Storage 395 ideas
- StorSimple 43 ideas
- Stream Analytics 207 ideas
- Support Feedback 215 ideas
- Update Management 64 ideas
- Virtual Machines 1,071 ideas
- Web Apps 163 ideas
Microsoft Azure