Azure Front Door - cache Key Vault sourced certificates
We use Front Door to host multiple clients under the same domain, and configured HTTPS with a wildcard certificate sourced from Azure Key Vault. The same source Key Vault, secret name and secret version are used for all frontend endpoints configured.
Customer DNS records:
customer1.domain.com -> frontdoorname.azurefd.net
customer2.domain.com -> frontdoorname.azurefd.net
customer3.domain.com -> frontdoorname.azurefd.net
Wildcard certificate in Key Vault: *.domain.com
Every time a new client front end is added and HTTPS is configured for it, the certificate is deployed again, which takes 20 minutes. Front Door should recognize that the same version of the same certificate has already been uploaded and be much faster in deploying the front end configuration.