Hello everyone,
Today’s post, titled ‘Storing an SSL certificate in Azure Key Vault,’ will be concise. I aim to walk you through my process of utilizing Azure Key Vault to generate a Certificate Signing Request (CSR) and securely store a newly generated SSL certificate.
The Process
To begin, you should already have deployed a Key Vault. Locate the Key Vault where you wish to store the SSL certificate, then click on “Certificates” on the left-hand side.
Then click on “Generate/Import”.
You will be presented with the “Create a certificate” screen. Below I have shown an image of this screen, along with the details that I used when filling out the form (of course, you will need to change them to meet your needs).
The Details
Setting Name | Value | Notes |
Method of Certificate Creation | Generate | |
Certificate Name | Web1AksJoeDemo | |
Type of Certificate Authority (CA) | Certificate issued by a non-integrated CA | |
Subject | CN=aks.databasejoe.com | |
Validity Period (in months) | 12 | |
Content Type | PKCS #12 | |
Lifetime Action Type | E-mail all contacts at a given percentage lifetime | |
Percentage Lifetime | 80 | |
Then click on the “Create” button.
This will then take you back to the “Generate/Import” window, as shown in the image below. You can see that the certificate is disabled; we need to get the CSR to pass on to our SSL provider.
Get the CSR
To get the CSR, click on the certificate as shown in the above image (I’ve underlined it in red). Once you have clicked on the certificate, you will be presented with the following.
You will then need to click on “Certificate Option”; I’ve indicated this with the red circle in the above image.
You will then be presented with the following page.
Click on “Download CSR”, then pass this CSR on to your SSL provider. Once you have the SSL certificate, come back to this page and click on “Merge Signed Request”.
That’s all you need to do. Provided there are no errors, your certificate will now be active in Key Vault.
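The same steps can be scripted with the Azure CLI. The following is an added example, not part of the original post: the vault name is a placeholder, and the key type, key size and exportable flag are assumed values that the post does not state.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal steps above.
set -eu

VAULT="${VAULT:-<your-key-vault-name>}"   # placeholder, not from the post
CERT="Web1AksJoeDemo"                     # certificate name from the table

# Certificate policy mirroring the table. Issuer "Unknown" is how Key Vault
# represents "Certificate issued by a non-integrated CA".
# keyProperties values are assumptions; the post does not state them.
policy_json() {
  cat <<'EOF'
{
  "issuerParameters": { "name": "Unknown" },
  "keyProperties": { "keyType": "RSA", "keySize": 2048, "exportable": true },
  "secretProperties": { "contentType": "application/x-pkcs12" },
  "x509CertificateProperties": { "subject": "CN=aks.databasejoe.com", "validityInMonths": 12 },
  "lifetimeActions": [
    { "trigger": { "lifetimePercentage": 80 }, "action": { "actionType": "EmailContacts" } }
  ]
}
EOF
}

# The pending operation returns the CSR as bare base64; wrap it as PEM
# (64-character lines plus header and footer) before sending it to the CA.
csr_to_pem() {
  printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----'
  printf '%s' "$1" | tr -d '\r\n' | fold -w 64
  printf '\n%s\n' '-----END CERTIFICATE REQUEST-----'
}

request_csr() {   # portal steps: Generate, then Download CSR
  policy_json > policy.json
  az keyvault certificate create --vault-name "$VAULT" --name "$CERT" --policy @policy.json
  csr_to_pem "$(az keyvault certificate pending show --vault-name "$VAULT" \
      --name "$CERT" --query csr --output tsv)" > "$CERT.csr"
}

merge_signed() {  # portal step: Merge Signed Request; $1 = certificate file from the CA
  az keyvault certificate pending merge --vault-name "$VAULT" --name "$CERT" --file "$1"
}

case "${1:-}" in
  csr)   request_csr ;;
  merge) merge_signed "$2" ;;
esac
```

Run it with `csr` to create the pending certificate and write the CSR file, then with `merge <file>` once the SSL provider returns the signed certificate. The private key is generated inside Key Vault and is never written to the machine running the script.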
If you need any Azure assistance please reach out to me.