Unable to add Private Certificates (.pfx) to App Service #1825
Comments
iako, This feature has been tagged for enhancement, #1136. Currently, we do the following:
FWIW here is a quick example to help you get started, this assumes
Sorry I did not have time to test it, there may be a copy-paste error.

```hcl
resource "azurerm_template_deployment" "ssl_certificate" {
  name                = "${format("%s-arm-certs", var.name)}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  deployment_mode     = "Incremental"

  # reference() is not allowed in an ARM template's "variables" section, so the
  # thumbprint lookup is written inline where it is used.
  template_body = <<DEPLOY
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sslCertificateName": {
      "type": "string"
    },
    "keyVaultId": {
      "type": "string"
    },
    "servicePlanId": {
      "type": "string"
    },
    "appServiceName": {
      "type": "string"
    },
    "appServiceFQDN": {
      "type": "string"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Web/certificates",
      "name": "[parameters('sslCertificateName')]",
      "apiVersion": "2016-03-01",
      "location": "[resourceGroup().location]",
      "properties": {
        "keyVaultId": "[parameters('keyVaultId')]",
        "keyVaultSecretName": "[parameters('sslCertificateName')]",
        "serverFarmId": "[parameters('servicePlanId')]"
      }
    },
    {
      "type": "Microsoft.Web/sites/hostnameBindings",
      "name": "[concat(parameters('appServiceName'), '/', parameters('appServiceFQDN'))]",
      "apiVersion": "2016-03-01",
      "location": "[resourceGroup().location]",
      "properties": {
        "sslState": "SniEnabled",
        "thumbprint": "[reference(resourceId('Microsoft.Web/certificates', parameters('sslCertificateName'))).Thumbprint]"
      },
      "dependsOn": [
        "[concat('Microsoft.Web/certificates/',parameters('sslCertificateName'))]"
      ]
    }
  ],
  "outputs": {
    "thumbprint": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Web/certificates', parameters('sslCertificateName'))).Thumbprint]"
    }
  }
}
DEPLOY

  # Values passed to the ARM template parameters declared above.
  parameters {
    "appServiceName"     = "${azurerm_app_service.test.name}"
    "appServiceFQDN"     = "${format("%s.%s",azurerm_dns_cname_record.test.name, azurerm_dns_cname_record.test.zone_name)}"
    "servicePlanId"      = "${azurerm_app_service_plan.test.id}"
    "sslCertificateName" = "${var.keyvault_ssl_certificate_name}"
    "keyVaultId"         = "${var.keyvault_id}"
  }

  # The app and its DNS record must exist before the hostname binding is created.
  depends_on = [
    "azurerm_app_service.test",
    "azurerm_dns_cname_record.test",
  ]
}
```
Thanks @kevinneufeld that was really helpful. Here it is with some quotes fixed + typos
I've been trying the same thing and I don't get any Azure errors that my template is wrong, but it is not succeeding for some reason. No error logs.
I'll keep trying and update the post when it works. Edit: It works. Just had to give it permissions to contact my vault
|
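A pre-deployment lint for the copy-paste errors discussed in the comments above, as an added example that is not part of the original thread or the provider's code: it checks that the ARM template body parses as JSON, that every `parameters('...')` / `variables('...')` lookup names something declared, and that `reference()` does not appear inside `variables`, where ARM does not allow it. The function names and the sample template are constructed for illustration.

```python
import difflib
import json
import re

# A call with a single string-literal argument, e.g. parameters('keyVaultId').
CALL = re.compile(r"([A-Za-z]+)\(\s*'([^']*)'\s*\)")

def _expressions(node, path=""):
    """Yield (json_path, text) for every ARM expression string "[...]"."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _expressions(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _expressions(value, f"{path}/{index}")
    elif isinstance(node, str) and node.startswith("[") and node.endswith("]") and not node.startswith("[["):
        yield path, node

def lint_arm_template(body):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        template = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    # ARM function and parameter names are case-insensitive, so compare lowercased.
    declared = {kind: {name.lower() for name in template.get(kind, {})}
                for kind in ("parameters", "variables")}
    findings = []
    for path, expr in _expressions(template):
        if path.startswith("/variables/") and "reference(" in expr.lower():
            findings.append(f"{path}: reference() is not allowed in variables")
        for func, name in CALL.findall(expr):
            func = func.lower()
            if func in declared:
                if name.lower() not in declared[func]:
                    findings.append(f"{path}: {func}('{name}') is not declared")
            elif difflib.get_close_matches(func, list(declared), n=1, cutoff=0.8):
                findings.append(f"{path}: unknown function {func}()")
    return findings

# Constructed sample: a misspelled variables() call and a reference() in variables.
SAMPLE = """{
  "parameters": {"sslCertificateName": {"type": "string"}},
  "variables": {"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', parameters('sslCertificateName'))).Thumbprint]"},
  "outputs": {"thumbprint": {"type": "string", "value": "[veriables('thumbprint')]"}}
}"""

if __name__ == "__main__":
    for finding in lint_arm_template(SAMPLE):
        print(finding)
```

Run it on the text between the heredoc markers before `terraform apply`, since Terraform does not evaluate the ARM expressions inside `template_body`.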
@DeanDM you can have a look at our terraform modules: transactiveltd, fork or use the one you think will help.
Hi @iakko Thanks for opening this issue :) As mentioned by @kevinneufeld support for SSL Certificates on App Services has previously been requested in #1136 which I'm going to close this issue in favour of - would you mind subscribing to that one for updates? Thanks!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!
Hello,
I'm trying to find a way to add a Private Certificate to an App Service.
To be more clear, I'm talking about the certificates you can import into an App Service following the Web Portal from: App Service -> SSL settings -> Private Certificates (.pfx) -> Upload Certificate
I cannot find anything useful on the azurerm_app_service Terraform documentation.
Thanks a lot.
IP