Simplify Your Certificate Automation: Managing Azure Key Vault Certificates

  • Published on 31 Jul 2024
  • Protecting your web services using certificates nowadays is indispensable. It can also be automated, free, and very easy. There is virtually no excuse for not doing it.
    This video discusses:
    - 00:00 Using ACMEBot to automate ACME certificate issuance and save the certificates in Key Vault
    - 17:23 Integrating Key Vault certificates with Azure App Services
    - 23:38 Integrating Key Vault certificates with Azure Application Gateway
    - 28:28 Integrating Key Vault certificates with Azure Front Door
    Additional Links:
    - ACME Bot: github.com/shibayan/keyvault-...
    Find more content on zoomspeaks.tech

Comments • 20

  • @mrswart 3 years ago

    This is a great guide and as of January 2021, the only complete end to end description of the process I have found. A few notes for others who find this and still have issues:
    1 - It is mentioned that enabling 'list' or 'view' access for your principal is optional. This is not the case. You must add your principal to the keyvault to be able to select keys to import later.
    2 - If you purchase a domain through Azure, it will be 'locked' by default and the certificate will not issue. To fix this, go into the DNS Zone -> Locks and remove the 'delete' lock.

    • @helshabini 3 years ago +1

      Thank you Michael, great info 👍

    • @ZaneT531 3 years ago

      thnx good karma

  • @krishnavatsavai927 22 days ago

    Hi,
    I would like to know if there is a way we can configure the Distinguished Names as per the organization's needs. Will the ACME bot be able to reconfigure that?

  • @19763862 3 years ago

    Thank you for this detailed, easy-to-follow video! Question: will the certificates automatically renew in the Azure Vault now - or is this a manual process?

    • @ZoomSpeaksTech 3 years ago +1

      They will renew automatically as long as the function app stays running. It takes care of itself.

  • @ZaneT531 3 years ago +1

    Thanks for this awesome tutorial - one small suggestion - it's difficult for me to follow without the cursor, especially the navigation; I had to pause and replay.

    • @ZoomSpeaksTech 3 years ago +1

      That’s a great suggestion. I will be sure to add cursor highlights from here on out 👍

  • @OurCloudSchool-Hindi 3 years ago +1

    I am NOT getting the UI on my Azure function when I try the URL ending with /add-certificate. Is there anything I am missing here?

    • @ZoomSpeaksTech 3 years ago +2

      Hi Rakesh, I certainly need more information to help with that. You may also try the GitHub repo which provides the function and open an issue there if you think something is not working right.

    • @laminsamba4809 3 years ago

      I'm also facing the same issue as Rakesh. When I append add-certificate to the function app URL, I can't open the UI to create the certificate.

  • @LuisFernandoValenzuela 2 years ago

    Where does "VaultBaseUrl" come from? For me it says "Function host is not running." after adding the AD, and it seems related to "VaultBaseUrl".
    EDIT: If you, like me, are using an existing keyvault, just go to settings > configuration, search for url, and there you can update VaultBaseUrl, which you can get by going to your vault and copying the URL.
    But now I just get a 404 every time I visit the function URL.
    (And by the way, I did get prompted to log in.)

    • @ZoomSpeaksTech 2 years ago

      VaultBaseUrl is the URL for the key vault endpoint; you use it to tell your function app where the key vault endpoint is. This can be found in the settings > configuration of the acmebot function app.

    • @thomassachinjohn 2 years ago

      Do the keyvault URL and function app URL need to match?