Azure-docs: Deploy custom certificate (Key Vault) via ARM

Created on 15 Aug 2019 · 7 Comments · Source: MicrosoftDocs/azure-docs

Hello, I saw a stub customHttpsConfiguration property in an ARM template I downloaded from a Portal-based deployment the other day. It doesn't seem to be supported (at least I can't find any references to it in docs or the schema repo) but it led me to wonder: is it possible today to use ARM to automate the SSL certificate assignment from a previously-uploaded Key Vault certificate/secret? If so, how would I do that? Thanks!


Pri2 assigned-to-author frontdoosvc product-question triaged

All 7 comments

@LarsKemmann Thank you for the valuable feedback, we are investigating the issue.

@LarsKemmann Thanks for the feedback. I have assigned this issue to content author to comment on the feasibility of doing this for Azure Front Door service.

@LarsKemmann Currently, there is no support to enable HTTPS through ARM templates.
Please use REST API enablehttps on frontend endpoint for the same
https://docs.microsoft.com/en-us/rest/api/frontdoorservice/frontdoor/frontendendpoints/enablehttps

I've discovered that this seems to be possible with the 2020-01-01 version of the ARM API and I've documented it here:
https://stackoverflow.com/a/61099521/2765855
Namely, there's a new property in frontendEndpoint properties:

"customHttpsConfiguration": {
  "certificateSource": "AzureKeyVault", // or "FrontDoor"
  "minimumTlsVersion": "1.2",
  "protocolType": "ServerNameIndication",

  // Depending on "certificateSource" you supply either:
  "keyVaultCertificateSourceParameters": {
    "secretName": "<secret name>",
    "secretVersion": "<secret version>",
    "vault": {
      "id": "<keyVault ResourceID>"
    }
  }

  // Or:
  "frontDoorCertificateSourceParameters": {
    "certificateType": "Dedicated"
  }
}

After more testing, it seems this may be premature as I've found it to be unstable and to work only intermittently, so I guess this is not quite production ready yet.
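A pre-deployment check for the customHttpsConfiguration block posted in the thread above, added here as an example; it is not part of the thread or of any Azure tooling. The property names are the ones shown in the comment, while the function name, the TLS 1.2 floor and the sample endpoints are assumptions made for illustration.

```python
import re

# Literal Key Vault resource ID; ARM expressions such as "[resourceId(...)]" are not checked.
VAULT_ID = re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
                      r"/providers/Microsoft\.KeyVault/vaults/[^/]+$", re.I)

def _unfilled(v):  # empty, or a '<...>' placeholder left over from the snippet
    return not v or (v.startswith("<") and v.endswith(">"))

def lint_custom_https(endpoint, min_tls="1.2"):
    """Return findings for one frontendEndpoint dict (min_tls is a policy assumption)."""
    cfg = endpoint.get("properties", {}).get("customHttpsConfiguration")
    if cfg is None:
        return ["customHttpsConfiguration is absent"]
    findings = []
    source = cfg.get("certificateSource")
    kv = cfg.get("keyVaultCertificateSourceParameters")
    fd = cfg.get("frontDoorCertificateSourceParameters")
    if source == "AzureKeyVault":
        if fd is not None:
            findings.append("frontDoorCertificateSourceParameters set with AzureKeyVault source")
        if kv is None:
            findings.append("keyVaultCertificateSourceParameters missing")
        else:
            findings += [f"{k} is empty or a placeholder"
                         for k in ("secretName", "secretVersion") if _unfilled(kv.get(k))]
            vault_id = kv.get("vault", {}).get("id", "")
            if not vault_id.startswith("[") and not VAULT_ID.match(vault_id):
                findings.append("vault.id is not a Key Vault resource ID")
    elif source == "FrontDoor":
        if kv is not None:
            findings.append("keyVaultCertificateSourceParameters set with FrontDoor source")
        if fd is None:
            findings.append("frontDoorCertificateSourceParameters missing")
    else:
        findings.append(f"unexpected certificateSource: {source!r}")
    if cfg.get("minimumTlsVersion") != min_tls:
        findings.append(f"minimumTlsVersion is not {min_tls}")
    return findings

# Constructed sample endpoints (placeholder subscription, group, vault and secret values).
GOOD = {"properties": {"customHttpsConfiguration": {
    "certificateSource": "AzureKeyVault", "minimumTlsVersion": "1.2",
    "keyVaultCertificateSourceParameters": {
        "secretName": "example-cert", "secretVersion": "0123456789abcdef0123456789abcdef",
        "vault": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000"
                        "/resourceGroups/example-rg/providers/Microsoft.KeyVault/vaults/example-kv"}}}}}
MIXED = {"properties": {"customHttpsConfiguration": {"certificateSource": "FrontDoor",
    "minimumTlsVersion": "1.0", "keyVaultCertificateSourceParameters": {"secretName": "x"}}}}
```

Run `lint_custom_https` over each entry of `frontendEndpoints` in the template before deployment; an empty list means the block is internally consistent, not that the service will accept it.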

How can this still not be supported using ARM? It has been GA for over a year now.

Just add the property below:

  "customHttpsProvisioningState": "Enabled",