Allow SSL configuration to use a new Key Valut for certificate keys

Category: azure key vault


CatchAlive on Thu, 05 Jan 2017 07:49:37


I am using Azure SSL service, which uses a Key Vault to keep the keys safe.

Due to change of region of my services, I deleted the storage account and Key Valut in the old region.

But it is no possible to reconfigure Azure SSL service to use another storage account / key vault, then SSL has been configured once.

I do not know, if this is a "Key Vault" issue or "Azure SSL" issue...

Best regards



akurmi on Sun, 08 Jan 2017 06:46:36

Hello Martin,

I am assuming that this is about App Service Certificate. We are currently building a portal experience to provide mitigation steps for such App Service Certificates. In the mean time, you can execute the following Powershell script to remove the current App Service Certificate - Key Vault association. After executing this script, go to Azure portal and assign a new Key Vault to the App Service Certificate resource.  (Step 1: Store the certificate in Azure Key Vault)

Set-AzureRmContext -SubscriptionId <subId> 
Remove-AzureRmResource -ResourceId "/subscriptions/<subId>/resourceGroups/<resource group>/providers/Microsoft.CertificateRegistration/certificateOrders/<App Service Certificate Name>/certificates/<App Service Certificate Name>" -ApiVersion "2015-08-01"
Set-AzureRmContext -SubscriptionId fb2c25dc-6bab-45c4-8cc9-cece7c42a95a 
Remove-AzureRmResource -ResourceId "/subscriptions/fb2c25dc-6bab-45c4-8cc9-cece7c42a95a/resourceGroups/Default-Web-EastAsia/providers/Microsoft.CertificateRegistration/certificateOrders/appservicecertificate1/certificates/appservicecertificate1" -ApiVersion "2015-08-01"

CatchAlive on Mon, 09 Jan 2017 16:02:30

Hi Ashish Kurmi,

It worked perfectly, thanks :-)

BR Martin