Azure – You can now use your own certificate for domain validation with Azure Front Door

Azure Front Door Standard and Premium SKUs now allow you to use your own certificate to validate a custom domain.

Azure Front Door will automatically approve the custom domain if the Common Name (CN) or a Subject Alternative Name (SAN) of the certificate matches the custom domain.

This simplifies the domain validation process, especially when Front Door is deployed through Infrastructure as Code (IaC), for example from an Azure DevOps pipeline, because no separate DNS TXT validation step has to be scripted.


Your custom certificate must be stored in an Azure Key Vault hosted in the same subscription as Azure Front Door.

The certificate must not use elliptic curve (EC) cryptography algorithms (use an RSA key), must come with a complete certificate chain (leaf plus intermediate certificates), and must be issued by a root authority that is part of the Microsoft Trusted CA list (https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT).

You also need to ensure that Azure Front Door is registered as an Azure AD application (service principal) in your tenant and has been granted access to the Key Vault so it can read the certificate (the Get permission on secrets and certificates is sufficient):

For public cloud use New-AzADServicePrincipal -ApplicationId '205478c0-bd83-4e1b-a9d6-db63a3e1e1c8'

For government cloud use New-AzADServicePrincipal -ApplicationId 'd4631ece-daab-479b-be77-ccb713491fc0'
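The prerequisites above (service principal registration, Key Vault access, and the certificate requirements) collected into one pre-flight script. This is an added example, not code from the original post or from Microsoft. It assumes the Az.Accounts, Az.Resources and Az.KeyVault modules are installed, that you are signed in with rights to register the service principal and edit the vault's access policy, that the vault uses access policies rather than Azure RBAC, and that the vault, certificate and domain names are placeholders you replace. The Test-NameMatch helper is mine, not an Az cmdlet.

```powershell
# Added example: pre-flight checks before enabling bring-your-own-certificate
# domain validation on Azure Front Door Standard/Premium. Not from the original post.
# Assumptions: Az modules installed, signed in, access-policy based Key Vault,
# placeholder names below.
param(
    [string]$VaultName    = 'kv-frontdoor-demo',   # placeholder
    [string]$CertName     = 'www-contoso-com',     # placeholder
    [string]$CustomDomain = 'www.contoso.com',     # placeholder
    [switch]$Government
)

# 1. Front Door's first-party application ID (public vs. Government cloud, as on the page)
$appId = if ($Government) { 'd4631ece-daab-479b-be77-ccb713491fc0' }
         else             { '205478c0-bd83-4e1b-a9d6-db63a3e1e1c8' }

# 2. Register the Front Door service principal in this tenant if it is not there yet
$sp = Get-AzADServicePrincipal -ApplicationId $appId -ErrorAction SilentlyContinue
if (-not $sp) {
    $sp = New-AzADServicePrincipal -ApplicationId $appId
    Write-Host "Registered Front Door service principal $($sp.Id)"
}

# 3. The Key Vault must be in the same subscription as the Front Door profile
$vault = Get-AzKeyVault -VaultName $VaultName
if (-not $vault) { throw "Key Vault '$VaultName' not found in the current subscription" }
Write-Host "Vault $($vault.VaultName) in subscription $((Get-AzContext).Subscription.Id)"

# 4. Least privilege: Front Door only needs to read the certificate, so grant Get only
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $sp.Id `
    -PermissionsToSecrets get -PermissionsToCertificates get

# 5. Inspect the certificate itself
$kvCert = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName
$x509   = $kvCert.Certificate   # System.Security.Cryptography.X509Certificates.X509Certificate2

# 5a. Front Door does not accept EC keys: require RSA
$keyAlg = $x509.PublicKey.Oid.FriendlyName
if ($keyAlg -ne 'RSA') { throw "Certificate key algorithm is '$keyAlg'; Front Door requires RSA" }

# 5b. CN or a SAN entry must match the custom domain (a wildcard covers exactly one label)
function Test-NameMatch([string]$pattern, [string]$hostName) {
    if ($pattern.StartsWith('*.')) {
        $suffix = $pattern.Substring(1)   # "*.contoso.com" -> ".contoso.com"
        $label  = $hostName.Substring(0, [Math]::Max(0, $hostName.Length - $suffix.Length))
        return ($hostName.EndsWith($suffix) -and $label -and $label -notmatch '\.')
    }
    return ($pattern -eq $hostName)
}
$names = @()
$cn = $x509.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
if ($cn) { $names += $cn }
$sanExt = $x509.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
if ($sanExt) {
    # Format() yields "DNS Name=www.contoso.com, ..." on Windows and "DNS:www.contoso.com, ..." on Linux
    $names += [regex]::Matches($sanExt.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value }
}
$matched = @($names | Where-Object { Test-NameMatch $_ $CustomDomain })
if ($matched.Count -eq 0) {
    throw "Neither CN nor SAN matches '$CustomDomain'. Names found: $($names -join ', ')"
}

# 5c. The chain must build end to end. This uses the local trust store, so it catches a
#     missing intermediate, but it is not itself proof that the root is on the Microsoft list.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($x509)) {
    throw "Chain does not build: $(($chain.ChainStatus | ForEach-Object StatusInformation) -join '; ')"
}
Write-Host "OK: '$($matched[0])' covers $CustomDomain, RSA key, chain depth $($chain.ChainElements.Count)"
```

Run it once per custom domain before the IaC deployment; if any check throws, the deployment would otherwise fail at domain validation with a less specific error. The chain check relies on whatever roots the machine running the script trusts, so compare the issuing root against the linked Microsoft Trusted CA list separately.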
