locked
App Service Certificate does not have access to Key Vault - Certificate implementation issue on App Service RRS feed

  • Question

  • I have an App Service Certificate that is ready to use. Verification etc has been completed.

    I also have an App Service that has been deployed and is working.

    They are both in the same resource group.

    When i try to implement the App Service certificate, i get the following error.

    Failed to add App Service certificate to the app, Check error for more details. Error Details: The service does not have access to '/subscriptions/XXXebXXX-XXX-XXXX-XXX-XXXXX/resourcegroups/XXXXX/providers/microsoft.keyvault/vaults/xxxxxxxxvault' Key Vault. Please make sure that you have granted necessary permissions to the service to perform the request operation.

    Any help/assistance in implementing the App Service Certificate would be helpful.


    Wednesday, May 17, 2017 4:02 AM

Answers

  • Thank you Ashok, but the command you specified did not resolve the issue. The command was executed successfully but when i tried to deploy the certificate the same error repeated. Instead I downloaded the PFX file from PowerShell directly and uploaded it manually.

    Tuesday, May 23, 2017 4:44 AM

All replies

  • How exactly you are deploying the certificate to Web App?

    If you are deploying the certificate to Key Vault, you need to authorize the Resource Provider(RP) by executing the following PowerShell command:

    Set-AzureRmKeyVaultAccessPolicy -VaultName yourkeyvaultname -ServicePrincipalName abxx0a7c-xx6b6-4xx6-8x10-58xx08787cd -PermissionsToSecrets get

    For more details refer: Deploying Azure Web App Certificate through Key Vault

    You may want to check Internals of App Service Certificate.

    -----------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Thursday, May 18, 2017 4:25 PM
  • Thank you Ashok, but the command you specified did not resolve the issue. The command was executed successfully but when i tried to deploy the certificate the same error repeated. Instead I downloaded the PFX file from PowerShell directly and uploaded it manually.

    Tuesday, May 23, 2017 4:44 AM
  • Just to confirm, is your issue resolved by downloading the PFX file from PowerShell and uploading it to App Service manually?

    Tuesday, May 23, 2017 7:01 PM
  • yes.
    Friday, June 23, 2017 5:16 AM