Reputation: 1722
I have a Terraform deployment that deploys an Application Gateway in Azure to control traffic to an App Service Environment hosting an application. Currently, the deployment creates a listener that uses port 80/HTTP, but now that I have everything working as I want, I want to modify the deployment to do SSL termination at the App Gateway. I have created a self-signed certificate for testing purposes and I have loaded the certificate into Azure Key Vault. I am now trying to figure out how to modify my deployment to use the certificate. The only thing I can find is the need to add the `ssl_certificate_name` property to the listener, but I know there is more to it than that. How do I tell Terraform "where" the certificate is?
Upvotes: 0
Views: 2573
Reputation: 28284
Unfortunately, an Application Gateway cannot reference a certificate stored in Key Vault directly; you could upvote the feature request to support SSL certificates stored in Key Vault secrets for listeners and backend HTTP settings on Application Gateway.

From this document, an `http_listener` block only supports referencing a certificate via `ssl_certificate_name`, so you reference the certificate from the `name` and `data` attributes in the `ssl_certificate` block. In this block, `data` requires the contents of the authentication certificate that should be used. You can also use the built-in `file` function to read the certificate contents and `base64encode` them. For example, to read a file: `${file("path.txt")}`.
```hcl
ssl_certificate {
  name     = "default"
  # filebase64 reads the binary .pfx and base64-encodes it (Terraform 0.12+).
  # It replaces base64encode(file("mycert.pfx")), which fails because file()
  # only accepts UTF-8 text, and a .pfx is binary.
  data     = filebase64("mycert.pfx")
  password = "XXXXXXX" # placeholder: prefer a sensitive variable over a literal in source
}
```

and

```hcl
http_listener {
  name                           = "https"
  frontend_ip_configuration_name = "default"
  frontend_port_name             = "https" # a frontend_port block named "https" (port 443) must exist
  protocol                       = "Https"
  ssl_certificate_name           = "default" # must match ssl_certificate.name above
}
```
You can find more scenarios in "Attaching SSL certificate to Azure application gateway in Terraform" and "Azure Application Gateway with end-to-end SSL".
Upvotes: 1
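The two fragments in the answer above only make sense inside a full `azurerm_application_gateway` resource. The following is an added example, not code from the question or the answer, showing the pieces that have to agree with each other for TLS termination to work: a 443 `frontend_port`, the `ssl_certificate` block, the HTTPS listener that names it, a routing rule to the backend, plus the two things a practitioner would add at the same time: an `ssl_policy` that rejects TLS 1.0/1.1, and an HTTP listener that only redirects to HTTPS instead of serving traffic. It assumes Terraform 0.14+ with the `azurerm` 3.x provider, a `mycert.pfx` next to the module, and that `var.resource_group_name`, `var.location`, `var.appgw_subnet_id`, `var.public_ip_id` (Standard SKU) and `var.backend_fqdn` are declared elsewhere; all resource and block names are placeholders.

```hcl
# Added example; assumes azurerm 3.x and Terraform 0.14+. Names are placeholders.

# Keep the PFX password out of source control: supply it via TF_VAR_ssl_certificate_password
# or a tfvars file that is git-ignored. "sensitive" redacts it from plan/apply output.
variable "ssl_certificate_password" {
  type      = string
  sensitive = true
}

resource "azurerm_application_gateway" "example" {
  name                = "appgw-example"
  resource_group_name = var.resource_group_name
  location            = var.location

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 1
  }

  gateway_ip_configuration {
    name      = "gateway-ip"
    subnet_id = var.appgw_subnet_id
  }

  frontend_ip_configuration {
    name                 = "default"
    public_ip_address_id = var.public_ip_id
  }

  frontend_port {
    name = "http"
    port = 80
  }

  frontend_port {
    name = "https"
    port = 443
  }

  # filebase64 reads the binary .pfx and base64-encodes it; file() would reject binary data.
  ssl_certificate {
    name     = "default"
    data     = filebase64("${path.module}/mycert.pfx")
    password = var.ssl_certificate_password
  }

  # Reject TLS 1.0/1.1 and limit ciphers to AEAD ECDHE suites.
  # A Predefined policy (policy_type = "Predefined", policy_name = "...") works too.
  ssl_policy {
    policy_type          = "Custom"
    min_protocol_version = "TLSv1_2"
    cipher_suites = [
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ]
  }

  backend_address_pool {
    name  = "ase-backend"
    fqdns = [var.backend_fqdn]
  }

  # TLS is terminated at the gateway; the hop to the ASE stays HTTP as in the question.
  backend_http_settings {
    name                  = "http-settings"
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 30
  }

  http_listener {
    name                           = "http"
    frontend_ip_configuration_name = "default"
    frontend_port_name             = "http"
    protocol                       = "Http"
  }

  http_listener {
    name                           = "https"
    frontend_ip_configuration_name = "default"
    frontend_port_name             = "https"
    protocol                       = "Https"
    ssl_certificate_name           = "default" # must match ssl_certificate.name
  }

  # Port 80 is kept only to 301 clients to the HTTPS listener; nothing is served over it.
  redirect_configuration {
    name                 = "http-to-https"
    redirect_type        = "Permanent"
    target_listener_name = "https"
    include_path         = true
    include_query_string = true
  }

  request_routing_rule {
    name                        = "http-redirect"
    rule_type                   = "Basic"
    priority                    = 100
    http_listener_name          = "http"
    redirect_configuration_name = "http-to-https"
  }

  request_routing_rule {
    name                       = "https-to-ase"
    rule_type                  = "Basic"
    priority                   = 110
    http_listener_name         = "https"
    backend_address_pool_name  = "ase-backend"
    backend_http_settings_name = "http-settings"
  }
}
```

After `terraform apply`, check the result from outside with `openssl s_client -connect <public-ip>:443 -tls1_1`, which should be refused, and `curl -I http://<public-ip>/`, which should return a 301 to the HTTPS URL. Since the certificate in the question is self-signed, clients will still warn until it is replaced with one issued by a trusted CA; the Terraform wiring above does not change.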