Acquire a certificate and add it to Key Vault
For the setup, you will use a custom domain on the Application Gateway. The certificate for this will be stored in the Azure Key Vault instance you created in the previous exercise and will be retrieved from there by the Application Gateway. In this exercise, for the sake of simplicity, you will use a self-signed certificate. Keep in mind that, in production scenarios, you should use a certificate issued by a trusted certification authority.
To start, you need to generate a self-signed certificate and add it to Azure Key Vault. You can use the following guidance to perform this task:
Step by step guidance

- To create a self-signed certificate, you will use a `sample-policy.json` file. To generate the file, from the Git Bash shell prompt, run the following command:

  ```bash
  az keyvault certificate get-default-policy > sample-policy.json
  ```

- From the Git Bash window, use your favorite text editor to open the `sample-policy.json` file, change its `subject` property and add the `subjectAlternativeNames` property to match the following content, save the file, and close it.

  ```json
  {
    // ...
    "subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=myapp.mydomain.com",
    "subjectAlternativeNames": {
      "dnsNames": [
        "myapp.mydomain.com",
        "*.myapp.mydomain.com"
      ],
      "emails": [
        "hello@contoso.com"
      ],
      "upns": []
    },
    // ...
  }
  ```

  Ensure that you include the trailing comma at the end of the updated content as long as there is another JSON element following it.

- Replace the `mydomain` DNS name in the `sample-policy.json` file with a randomly generated custom domain name that you will use later in this exercise by running the following commands:

  ```bash
  DNS_LABEL=$APPNAME$UNIQUEID
  DNS_NAME=sampleapp.${DNS_LABEL}.com
  cat sample-policy.json | sed "s/myapp.mydomain.com/${DNS_NAME}/g" > result-policy.json
  ```

- Review the updated content of the `result-policy.json` file and record the updated DNS name in the format `sampleapp.<your-custom-domain-name>.com` (you will need it later in this exercise) by running the following command:

  ```bash
  cat result-policy.json
  ```

- You can now use the `result-policy.json` file to create a self-signed certificate in Key Vault:

  ```bash
  CERT_NAME_IN_KV=$APPNAME-certificate
  az keyvault certificate create \
    --vault-name $KEYVAULT_NAME \
    --name $CERT_NAME_IN_KV \
    --policy @result-policy.json
  ```