Azure Export Vault pfx cert and Import to Azure Apache

Configure end-to-end TLS by using Application Gateway, Azure Key Vault and an Azure Virtual Machine.

Kevin Kariuki
Oct 16, 2020

Today we are going to configure full end-to-end TLS/SSL encryption of traffic from Azure Application Gateway to an Azure Virtual Machine. The SSL certificate for my domain was purchased from Azure App Service Certificates.

App Service Certificates is an Azure cloud service offering where customers can purchase, configure, and manage SSL certificates right from the Azure portal. The process is intuitive and simplified to a few clicks. For more information. This service works quite seamlessly with Azure Apps, with zero configuration needed to set up SSL. Configuring a fully encrypted network poses a challenge, however, since we need to export the purchased SSL certificate, which is stored in Azure Key Vault.

The certificate exported from Azure Key Vault is stored as a PFX (PKCS#12) file, the format used by IIS, which Apache and Nginx do not support. This means we need an additional step: extracting the private key and the certificates from the PFX exported from the vault.

Prerequisites

Before we begin, ensure you have the following in place:

  1. Ensure that you have access to PowerShell or the Cloud Shell.
  2. Ensure you have access to Azure Key Vault and that the Certificate is in ‘Issued’ state.

I will split the configuration as follows:

  1. Export the PFX Certificate from Azure Key Vault.
  2. Download the exported PFX certificate to the Virtual Machine or a local machine with the latest OpenSSL.
  3. Add or chain the intermediate and root certificates of the Certificate Authority to the exported PFX.
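
The extraction step described above, as an added example that is not part of the original post: a bash sketch that splits a PFX into the PEM files Apache expects and confirms that the private key belongs to the certificate. The file names `server.key`, `server.crt`, `chain.crt` and the `PFX_PASS` variable are assumptions, and the demo PFX is a constructed self-signed stand-in for the Key Vault export.

```shell
#!/usr/bin/env bash
# Added example: split a PFX (PKCS#12) into PEM files and check that key and cert pair up.
# The password is read from the PFX_PASS environment variable (hypothetical name)
# so it never appears on a command line.

split_pfx() {  # usage: split_pfx <file.pfx> <outdir>
  local pfx=$1 out=$2
  mkdir -p "$out" || return 1
  # Private key: written under umask 077 so only the owner can read it.
  ( umask 077
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
      openssl pkey -out "$out/server.key" 2>/dev/null ) || return 1
  # Leaf (server) certificate, re-encoded to drop the PKCS#12 bag attributes.
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
    openssl x509 -out "$out/server.crt" 2>/dev/null || return 1
  # Any CA certificates bundled in the PFX; the file stays empty if there are none.
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$out/chain.crt"
}

key_matches_cert() {  # usage: key_matches_cert <key.pem> <cert.pem>
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  # Equal public keys mean the private key belongs to this certificate.
  [ -n "$k" ] && [ "$k" = "$c" ]
}

make_demo_pfx() {  # constructed self-signed input, NOT a real Key Vault export
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example.test" \
    -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
    -passout env:PFX_PASS -out "$1/demo.pfx"
}

work=$(mktemp -d)
export PFX_PASS='constructed-demo-pass'
if make_demo_pfx "$work" && split_pfx "$work/demo.pfx" "$work/out" &&
   key_matches_cert "$work/out/server.key" "$work/out/server.crt"; then
  echo "server.key and server.crt belong together"
else
  echo "extraction failed or key does not match certificate" >&2
fi
```

On the Apache VM these files are what `SSLCertificateKeyFile` and `SSLCertificateFile` point to; in Apache 2.4.8 and later the chain certificates are appended to the file named by `SSLCertificateFile`.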
