Azure Portal: Renewing SSL Certificate on Application Gateway V1

Currently there's no official Azure documentation on updating an SSL certificate on an application gateway V1. After extensive troubleshooting, the support resource that I worked with was able to find the deprecated documentation allowing for the SSL certificate to update from the Azure portal.

Here's how you can update an SSL certificate on an Application Gateway SKU V1 hosted within an Azure environment using Azure CLI:

Renewing SSL Certificates on Azure Application Gateway V1 Using Azure CLI

Renewing SSL certificates for your Azure Application Gateway is a crucial maintenance task to ensure secure communication between clients and your web applications. This article will guide you through the process of updating an SSL certificate on an Application Gateway SKU V1 using Azure CLI.

Prerequisites

Before proceeding with the certificate renewal process, ensure that you have completed the following steps:

  1. Add the new leaf .cer file for the SSL certificate to the HTTP backend settings for the site on the Application Gateway.
  2. Update the listener on the Application Gateway to use the new .pfx file.

These prerequisites are essential for the smooth execution of the renewal process.

Step 1: Retrieve the Existing Application Gateway

The first step is to retrieve the existing Application Gateway configuration. This command stores the gateway information in a variable for later use.

$gw = Get-AzApplicationGateway -Name <application_gateway_id/name> -ResourceGroupName <resource_group_id/name>

Replace <application_gateway_id/name> with your Application Gateway's name or ID, and <resource_group_id/name> with the name or ID of the resource group containing the Application Gateway[1].

Step 2: Retrieve the Probe Configuration

Next, we need to retrieve the probe configuration associated with the backend settings. This step is crucial for maintaining the health check functionality of your Application Gateway.

$probe1 = Get-AzApplicationGatewayProbeConfig -Name <backend_settings_healthprobe_id> -ApplicationGateway $gw

Replace <backend_settings_healthprobe_id> with the ID of the health probe configured for your backend settings[1].

Step 3: Update the Backend HTTP Settings

Now, we'll update the backend HTTP settings with the new certificate information. This step ensures that the Application Gateway uses the renewed certificate for backend communication.

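$authCert = Get-AzApplicationGatewayAuthenticationCertificate -Name <leaf_.cer_file_name> -ApplicationGateway $gw  # -AuthenticationCertificates takes certificate objects, not a name string
Set-AzApplicationGatewayBackendHttpSettings -Name <backend_http_settings_id/name> -ApplicationGateway $gw -Port 443 -Protocol Https -CookieBasedAffinity Disabled -RequestTimeout 30 -Probe $probe1 -AuthenticationCertificates $authCert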

Replace <backend_http_settings_id/name> with the name or ID of your backend HTTP settings, and <leaf_.cer_file_name> with the name of the new leaf .cer file you added in the prerequisites[1].

Step 4: Apply the Changes to the Application Gateway

The final step is to apply all the changes we've made to the Application Gateway. This command updates the gateway with the new configuration.

Set-AzApplicationGateway -ApplicationGateway $gw

This command applies all the changes we've made to the Application Gateway configuration[1].
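A check worth running after Step 4, as an added example that is not part of the original post, written in PowerShell to match the Az cmdlets used in the steps above: it confirms that the authentication certificate referenced by the backend HTTP settings is the new leaf certificate and reports its expiry. The function name `Test-GatewayAuthCert`, the sample names, and the assumption that each authentication certificate entry exposes the uploaded certificate as Base64 in its `Data` property are this example's own; the sample gateway object at the bottom is constructed so the block runs offline.

```powershell
# Added example, not from the original post. The sample data at the bottom is constructed.
function Test-GatewayAuthCert {
    param(
        [Parameter(Mandatory)] $Gateway,                # object returned by Get-AzApplicationGateway
        [Parameter(Mandatory)] [string] $SettingsName,  # name of the backend HTTP settings
        [Parameter(Mandatory)] [byte[]] $LeafCerBytes,  # bytes of the new leaf .cer file
        [int] $WarnDays = 30                            # flag certificates expiring within this window
    )
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $expected = $x509::new($LeafCerBytes)
    $settings = $Gateway.BackendHttpSettingsCollection | Where-Object { $_.Name -eq $SettingsName }
    if (-not $settings) { throw "Backend HTTP settings '$SettingsName' not found on the gateway." }
    # IDs of the authentication certificates these settings actually reference
    $ids = @($settings.AuthenticationCertificates | ForEach-Object { $_.Id })
    if ($ids.Count -eq 0) { throw "'$SettingsName' references no authentication certificate." }
    foreach ($entry in $Gateway.AuthenticationCertificates | Where-Object { $_.Id -in $ids }) {
        # Assumption: Data holds the uploaded public certificate as Base64
        $stored = $x509::new([Convert]::FromBase64String($entry.Data))
        [pscustomobject]@{
            Name           = $entry.Name
            Thumbprint     = $stored.Thumbprint
            NotAfter       = $stored.NotAfter
            MatchesNewLeaf = ($stored.Thumbprint -eq $expected.Thumbprint)
            ExpiresSoon    = ($stored.NotAfter -lt (Get-Date).AddDays($WarnDays))
        }
    }
}

# --- Constructed sample data: a throwaway self-signed certificate stands in for the leaf ---
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=backend.example.test', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$leaf = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(365))
$der  = $leaf.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)

# Constructed stand-in for the gateway object, using the same property names
$certId   = '/constructed/authenticationCertificates/leaf-new'
$sampleGw = [pscustomobject]@{
    AuthenticationCertificates    = @([pscustomobject]@{
        Id = $certId; Name = 'leaf-new'; Data = [Convert]::ToBase64String($der) })
    BackendHttpSettingsCollection = @([pscustomobject]@{
        Name = 'appHttpsSettings'; AuthenticationCertificates = @([pscustomobject]@{ Id = $certId }) })
}
Test-GatewayAuthCert -Gateway $sampleGw -SettingsName 'appHttpsSettings' -LeafCerBytes $der
```

Against a real gateway, pass a freshly retrieved `Get-AzApplicationGateway` result as `-Gateway` and `[IO.File]::ReadAllBytes(...)` of the new leaf .cer as `-LeafCerBytes`; a row with `MatchesNewLeaf` set to `False` means the backend settings still point at a different certificate.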

Conclusion

By following these steps, you can successfully renew the SSL certificate on your Azure Application Gateway SKU V1 using Azure CLI. Remember to test your application thoroughly after the renewal process to ensure everything is functioning correctly.

Regular certificate renewal is an important part of maintaining the security and compliance of your web applications. By using Azure CLI, you can automate this process, making it easier to manage multiple Application Gateways and certificates.

Citations:
[1] https://stackoverflow.com/questions/62522502/update-ssl-cert-application-gateway-azure
[2] https://learn.microsoft.com/vi-vn/azure/application-gateway/renew-certificates
[3] https://learn.microsoft.com/en-us/azure/application-gateway/ssl-certificate-management
[4] https://learn.microsoft.com/en-us/cli/azure/network/application-gateway/ssl-cert?view=azure-cli-latest
[5] https://learn.microsoft.com/en-us/answers/questions/1625001/could-not-update-the-ssl-certificate-in-azure-appl
[6] https://learn.microsoft.com/en-us/answers/questions/1180042/steps-and-the-procedure-to-update-the-ssl-certific
