# Azure : Renewing the SSL Certificate of the Azure Application Gateway

## Introduction

Today’s post is about changing the SSL certificate of an Application Gateway. Why a post about this? Isn’t it a mere upload button? You would think so. When creating the listener, it’s a nice and easy UI, though I guess someone forgot the renew flow. 😉 When you take a look at the HTTP listener, you see the certificate, but there is no way to edit this part…

So we’ll have to do this manually, via PowerShell!

## Updating the Certificate

First, get your application gateway.

Next up: delete the old certificate from it…

And save the configuration.

And that was it! (Bear in mind, the last step takes a while.)

## The Code


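```powershell
# Fetch the gateway; -ResourceGroupName is required ("myresourcegroup" is a placeholder)
$agw = Get-AzureRmApplicationGateway -Name myname -ResourceGroupName myresourcegroup

# Remove the old certificate from the local copy of the configuration
Remove-AzureRmApplicationGatewaySslCertificate -Name my.domain.tld -ApplicationGateway $agw

# Add the renewed certificate under the same name, so the listener reference stays valid
Add-AzureRmApplicationGatewaySslCertificate -Name "my.domain.tld" -CertificateFile .\path\to\my.domain.tld.pfx -Password "MyNotSoSecretPassword" -ApplicationGateway $agw

# Save the configuration back to Azure (this step takes a while)
Set-AzureRmApplicationGateway -ApplicationGateway $agw
```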
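The sequence above only works when the renewed certificate keeps the old name, because the listener references the certificate by name. The following variant handles a renamed certificate and checks the PFX before uploading it; it is an added example, not the original post's code. The resource group, gateway, listener and certificate names are placeholders, the 30-day threshold is an arbitrary choice, and `-Password` is assumed to accept a SecureString (newer AzureRM.Network releases; older ones take a plain string as in the post).

```powershell
# Added example; every name below is a placeholder, not a value from the post.
$rg = 'myresourcegroup'; $gwName = 'myname'; $listenerName = 'myhttpslistener'
$oldName = 'my.domain.tld'; $newName = 'my.domain.tld-renewed'
$pfxPath = (Resolve-Path '.\path\to\my.domain.tld.pfx').Path

# Prompt for the PFX password rather than hard-coding it in the script.
# Assumption: -Password below accepts a SecureString (newer AzureRM.Network).
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# Pre-flight: refuse a PFX without a private key or one that is about to expire.
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxPath, $pfxPassword
if (-not $pfx.HasPrivateKey) { throw 'PFX contains no private key.' }
if ($pfx.NotAfter -lt (Get-Date).AddDays(30)) { throw "PFX expires $($pfx.NotAfter)." }
Write-Output "Uploading $($pfx.Subject), valid until $($pfx.NotAfter)"

# Commit 1: add the renewed certificate alongside the old one.
$agw = Get-AzureRmApplicationGateway -Name $gwName -ResourceGroupName $rg
$agw = Add-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $agw `
    -Name $newName -CertificateFile $pfxPath -Password $pfxPassword
$agw = Set-AzureRmApplicationGateway -ApplicationGateway $agw

# Commit 2: re-point the listener, then drop the old certificate.
$oldCert = Get-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $agw -Name $oldName
$newCert = Get-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $agw -Name $newName
$listener = Get-AzureRmApplicationGatewayHttpListener -ApplicationGateway $agw -Name $listenerName
$listener.SslCertificate.Id = $newCert.Id

# Any listener still referencing the old certificate would make the final Set
# fail with "referenced by resource ... was not found", so check first.
$stillUsed = $agw.HttpListeners |
    Where-Object { $_.SslCertificate -and $_.SslCertificate.Id -eq $oldCert.Id }
if ($stillUsed) { throw "Old certificate still used by: $($stillUsed.Name -join ', ')" }

$agw = Remove-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $agw -Name $oldName
$agw = Set-AzureRmApplicationGateway -ApplicationGateway $agw
```

Each `Set-AzureRmApplicationGateway` call is a full gateway update, so this variant takes roughly twice as long as the single-commit version.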



## 11 thoughts on “Azure : Renewing the SSL Certificate of the Azure Application Gateway”

1. Anthony Van den bossche says:

Nice post! :). Always a hassle changing out certificates, think of ADFS and WAP :).

2. Sorin Dosoftei says:

Great post;
I encounter an issue while running the last command:
Set-AzureRmApplicationGateway -ApplicationGateway $agw

I get:
Set-AzureRmApplicationGateway : Resource subscriptions/…/OldCert referenced by resource /subscriptions/…/CurrentListener was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.

Any ideas why?

3. kvaes says:

What’s the output of ; $agw (or when you “Get-AzureRmApplicationGateway -Name myname”)?

4. Steve L. says:

I’ve had no luck with this script. I’m sure it’s something I’m doing wrong. Also, you need to pass in -ResourceGroupName or it breaks.

5. Steve L. says:

Scratch that. The script IS working, but as mentioned earlier, you still need to pass in resource group name:

$agw = Get-AzureRmApplicationGateway -Name -ResourceGroupName

6. Jim says:

I had to add the new cert and commit it before removing the old one to get this to work correctly.

7. Mark says:

Am I the only one who can’t verify certificate deletion in portal? Seems only possible to verify in powershell?

1. kvaes says:

Is it a passphrase protected certificate? If that’s the case, then I can concur on the sentiment. Best thing to do is open a support case for it, so that the attention rises towards the issue.

8. Giorilias says:

Sorin, I encountered the same error as you.
If you change the name of the certificate, the command doesn’t work! It outputs the error you mentioned.
That’s because in this case, the listener still has the old certificate name (it isn’t updated with the above commands).
So, the above commands work ONLY if you keep the same certificate name (you can find it in the portal, at ‘Listeners’).

It would be nice if someone finds the commands to change the certificate name too.

9. Piero says:

Hi All,
thanks for the post, but how can I check if the certificate is about to expire? Is there a way to see this date?
