馃洃 IMPORTANT: You can get your feedback addressed faster if you use the comment section for the article in which you encountered a problem.
Link to article:
https://docs.microsoft.com/en-us/azure/templates/microsoft.web/2018-02-01/hostingenvironments
There is no way to ask questions in the above article and the property values sslCertKeyVaultId and sslCertKeyVaultSecretName
Even google hardly comes up with any explanation.
The example listed to set default ILB cert doesnt even talk about these values?
https://azure.microsoft.com/en-us/resources/templates/201-web-app-ase-ilb-configure-default-ssl/
Problem:
What's wrong with the article?
How do I ask the author questions,
https://docs.microsoft.com/en-us/azure/templates/microsoft.web/2018-02-01/hostingenvironments
Thank you for creating the issue! One of our team members will get back to you shortly with additional information.
@tfitzmac Can you take a look at this feedback?
@g0pinath - what is your question about those properties?
Hi, I am also trying to connect ASE to KeyVault. But there is no information on how to use there settings in any documentation that I can find. I am just hitting "InternalServerError" when using there settings in my templates.
I would like to se an example in the description of sslCertKeyVaultId of what the API is expecting the value to look like.
Example:
"Full resource id of keyvault, such as /subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/ResourceGroupName/providers/Microsoft.KeyVault/vaults/KeyVaultName"
@g0pinath - what is your questio
https://docs.microsoft.com/en-us/azure/templates/microsoft.web/2018-02-01/hostingenvironments This link doesnt have space to comment or ask questions, can you please check this?
There are no examples and explanations for example,
sslCertKeyVaultId | string | No | Key Vault ID for ILB App Service Environment default SSL certificate
I ended up setting up a default ssl for ASE using the below code and as you can see I havent even used sslCertKeyVaultId.
{
"apiVersion": "2018-02-01",
"copy": {
"name": "ASECopy",
"count": "[variables('NumofASEs')]"
},
"type": "Microsoft.Web/hostingEnvironments",
"name": "[parameters('ASESettings').ASEName[copyindex()]]",
"kind": "ASEV2",
"location": "South Central US",
"properties": {
"name": "[parameters('ASESettings').ASEName[copyindex()]]",
"location": "South Central US",
"ipSslAddressCount": 0,
"clusterSettings": [
{
"name": "DefaultSslCertificateThumbprint",
"value": "[variables('thumbPrintNRTSS')]"
}
],
"internalLoadBalancingMode": "[parameters('ASESettings').internalLoadBalancingMode[copyindex()]]",
"dnsSuffix": "[parameters('ASESettings').dnsSuffix[copyindex()]]",
"virtualNetwork": {
"Id": "[concat('/subscriptions/', subscription().subscriptionID, '/resourceGroups/', parameters('ASESettings').ASEVnetRG[copyindex()],'/providers/Microsoft.Network/virtualNetworks/',parameters('ASESettings').ASEVnetName[copyindex()])]",
"Subnet": "[parameters('ASESettings').subnetName[copyindex()]]"
}
}
}
The document says this - but how is anyone suppose to figure out that the name value pair is supposed to be {
"name": "DefaultSslCertificateThumbprint",
"value": "[variables('thumbPrintNRTSS')]"
what is in the document
clusterSettings | array | No | Custom settings for changing the behavior of the App Service Environment. -聽NameValuePair object
-- | -- | -- | --
IMO ASE is a game changer for MS, and without documentation it remains a blackbox and the pricing isnt helping either. I wish I had the time to write the setup in details.
Can we please get an actual example of how to use these 2 properties?! Are we allowed to use a certificate instead of a secret as we can do with the serverFarms? Which permission do we need to add to the keyvault!? Do we need to add permission for abfa0a7c-a6b6-4736-8310-5855508787cd Microsoft Azure App Service??? Why the Azure documentation is so unreliable?
Meeting the same error when use the property sslCertKeyVaultSecretName. How to get the more details log ? " error": {
"code": "InternalServerError",
"message": "There was an unexpected InternalServerError.
}
}
Nothing official, But I was told at Microsoft sale meeting organized by my company 3 months ago that those 2 properties simply don't work.
Is there any update whether the "sslCertKeyVaultId" and "sslCertKeyVaultSecretName" work?
@tfitzmac the question is how do these properties work.
Most helpful comment
Can we please get an actual example of how to use these 2 properties?! Are we allowed to use a certificate instead of a secret as we can do with the serverFarms? Which permission do we need to add to the keyvault!? Do we need to add permission for abfa0a7c-a6b6-4736-8310-5855508787cd Microsoft Azure App Service??? Why the Azure documentation is so unreliable?