I do not see any way to add a public certificate to an Azure App Service today. I would like to request this feature to be added. The Azure API reference is Microsoft.Web/sites/publicCertificates
azurerm_app_service_public_certificate (?)
azurerm_app_service_public_certificate_binding (?)
```hcl
resource "azurerm_app_service" "example" {
  name                = "app01"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}

# Proposed resource: uploads a public (.cer, no private key) certificate
resource "azurerm_app_service_public_certificate" "example" {
  name                = "example-root-cert"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  cer_blob            = filebase64("rootca.cer")
}

# Proposed resource: binds the uploaded public certificate to the App Service
resource "azurerm_app_service_public_certificate_binding" "example" {
  app_service_name        = azurerm_app_service.example.name
  public_certificate_name = azurerm_app_service_public_certificate.example.name
  resource_group_name     = azurerm_resource_group.example.name
}
```
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#upload-a-public-certificate
hey @timlharrison
Thanks for opening this issue.
Taking a look through, it appears this is available via the azurerm_app_service_certificate resource by specifying the certificate contents using the pfx_blob parameter - would you be able to take a look and see if that works for you?
Thanks!
I believe that is used to upload an App Service server certificate & private key. I'm looking to upload a custom, internal trusted root certificate. These typically come in the form of '.cer' files and do not have a private key. These are, according to the documentation, for uploading a root cert allowing your App Service to trust external endpoints signed by an internal CA. It puts the root cert in the trusted root store on the App Service-generated container image.
@timlharrison thanks for clarifying 👍
Please prioritize this feature if possible. It is very common that a client certificate is required and it is not great to have an ARM template for this instead of a Terraform resource.
To clarify what @timlharrison said a bit further, the azurerm_app_service_certificate resource actually fails if you try to pass a pfx_blob to it that only contains a public key with:
```
Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="At least one certificate is not valid (Certificate does not contain a private key.)."
```
There is currently no workaround except for ARM templates or hacky PowerShell that I am aware of.
NOTE: This is also apparently not supported in azure-cli: https://github.com/Azure/azure-cli/issues/12391
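As an added example that is not part of this thread and not the provider's own code, here is the ARM-template workaround mentioned above written out for the Microsoft.Web/sites/publicCertificates resource type the original post names. The api-version, the parameter names and the CurrentUserMy store location are assumptions on my part, not values taken from the thread; the App Service is assumed to already exist.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "comments": "Added example, not from this thread. Assumes the App Service already exists and that api-version 2019-08-01 accepts Microsoft.Web/sites/publicCertificates."
  },
  "parameters": {
    "siteName": {
      "type": "string",
      "metadata": { "description": "Name of the existing App Service, e.g. app01" }
    },
    "certificateName": {
      "type": "string",
      "defaultValue": "example-root-cert"
    },
    "certificateBlob": {
      "type": "securestring",
      "metadata": { "description": "Base64 of the DER-encoded .cer file (public certificate only, no private key)" }
    }
  },
  "resources": [
    {
      "comments": "Child resource of the site, so the name is <site>/<certificate>. Only the public certificate is sent; the 'Certificate does not contain a private key' error comes from the Microsoft.Web/certificates type used by azurerm_app_service_certificate, not from this type. publicCertificateLocation picks the certificate store (assumed: CurrentUserMy, or LocalMachineMy).",
      "type": "Microsoft.Web/sites/publicCertificates",
      "apiVersion": "2019-08-01",
      "name": "[concat(parameters('siteName'), '/', parameters('certificateName'))]",
      "properties": {
        "blob": "[parameters('certificateBlob')]",
        "publicCertificateLocation": "CurrentUserMy"
      }
    }
  ],
  "outputs": {
    "thumbprint": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Web/sites/publicCertificates', parameters('siteName'), parameters('certificateName'))).thumbprint]"
    }
  }
}
```

Deploy it with `az deployment group create --resource-group <rg> --template-file public-cert.json --parameters siteName=app01 certificateBlob="$(base64 -w0 rootca.cer)"` and compare the thumbprint output with the one you expect from the .cer to confirm the right certificate was installed.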