An Azure Key Vault lets you easily provision, manage, and deploy your digital certificates. This blog shows how to update your certificate’s validity period, auto-rotation frequency, email notification contacts and CA attributes.
The certificates can be public or private SSL / TLS certificates which may be:
A self-signed certificate,
A certificate created with a non-partner CA with Key Vault, or
A certificate created with a partner CA with Key Vault.
A Key Vault can request and renew / auto-rotate certificates through established CA partners such as DigiCert and GlobalSign, providing a robust solution for certificate lifecycle management. This auto-rotation capability is not applicable for certificates created with non-partner CAs.
Partner certificate authority (CA)
The following CAs are currently partnered providers with Key Vault:
DigiCert: Key Vault offers OV or EV TLS/SSL certificates.
GlobalSign: Key Vault offers OV or EV TLS/SSL certificates.
Auto-rotation
Auto-rotation can be configured on your certificate’s lifecycle attributes when you create your certificate or at a later stage.
Updating certificate lifecycle attributes while creating a new certificate
Go to Key Vault > Certificates
Select Generate/Import
On the Create a certificate screen, update the following values:
Validity Period: Update the value (in months).
Lifetime Action Type: Select the certificate’s auto-renewal and alerting action, and then update the percentage lifetime or Number of days before expiry. By default, a certificate’s auto-renewal is set at 80 percent of its lifetime.
Select Create
Updating certificate lifecycle attributes on an existing stored certificate
Go to Key Vault > Certificates
Select the certificate you want to update > Select Issuance Policy
On the Issuance Policy screen, update the following values:
Validity Period: Update the value (in months).
Lifetime Action Type:
Select the certificate’s auto-renewal and alerting action – based on either percentage or defined by days
(Changing the Lifetime Action Type for a certificate will record modifications for the existing certificates immediately.)
Update the percentage lifetime or Number of days before expiry > Save
If you choose to configure an Azure Key Vault Certificate Policy, you may either click the Advanced Policy Configuration link or configure the policy via PowerShell as per below.
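The PowerShell route mentioned above, as an added example that is not code from the original post: it uses the Az.KeyVault cmdlets to read the issuance policy, set the validity period and lifetime action, and read the result back. The vault name, the certificate name and the 12-month, 80 percent and 30-day values are placeholder assumptions.

```powershell
# Added example; the names and values below are placeholders, not from the original post.
$vaultName = 'vaultname'        # assumed Key Vault name
$certName  = 'example-cert'     # hypothetical certificate name

# Fields of the issuance policy that this example reads and changes.
$fields = 'IssuerName', 'ValidityInMonths',
          'RenewAtPercentageLifetime', 'RenewAtNumberOfDaysBeforeExpiry',
          'EmailAtPercentageLifetime', 'EmailAtNumberOfDaysBeforeExpiry'

# 1. Record the current policy so the change can be compared afterwards.
$before = Get-AzKeyVaultCertificatePolicy -VaultName $vaultName -Name $certName
$before | Format-List $fields

# 2. Choose the lifetime action from the issuer.
#    Key Vault stores the issuer name 'Unknown' for certificates from a
#    non-partner CA. Auto-rotation is not applicable to those, so request
#    an e-mail alert to the vault's certificate contacts instead.
if ($before.IssuerName -eq 'Unknown') {
    Set-AzKeyVaultCertificatePolicy -VaultName $vaultName -Name $certName `
        -ValidityInMonths 12 `
        -EmailAtNumberOfDaysBeforeExpiry 30
}
else {
    # Self-signed or partner CA issuer: auto-renew at 80 percent of the lifetime.
    Set-AzKeyVaultCertificatePolicy -VaultName $vaultName -Name $certName `
        -ValidityInMonths 12 `
        -RenewAtPercentageLifetime 80
}

# 3. Read the policy back and confirm the stored values match what was requested.
$after = Get-AzKeyVaultCertificatePolicy -VaultName $vaultName -Name $certName
$after | Format-List $fields

if ($after.ValidityInMonths -ne 12) {
    Write-Warning "Validity period was not updated for '$certName' in '$vaultName'."
}
```

Run it in a session that is already signed in with Connect-AzAccount and has permission to manage certificates in the vault.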
Adding new certificate contacts
You can add a contact to the specified vault to receive notifications of certificate operations.
Get a full list of contacts for your key vault:
az keyvault certificate contact list --vault-name "vaultname"
Add a new contact:
az keyvault certificate contact add --email youremail@domain.com --vault-name "allen-kv1" --name "Allen Visser" --phone "+2782 000 000"
Verify the full list of contacts added to your key vault:
az keyvault certificate contact list --vault-name "allen-kv1"
I hope this blog made your life easier with regard to updating your certificate’s validity period, auto-rotation frequency, configuring email notification contacts and CA attributes.