I am using Terraform 1.5.5 to create an Azure Application Gateway (SKU-2) targeting two Azure web-apps under a custom domain. I need to use https in communication but am struggling around "app-gw" and "web-app" certificates and how to implement this in Terraform.
This article seems to suggest its straight forward.
End-to-end TLS with the v2 SKU
Do I need to create a pfx certificate (in this case it will have to be a wildcard) to store in key-vault and then link to application gateway https listeners?
I have created the Terraform that creates an Azure Managed Cert for each of the 2 web-apps and bound it to the custom domain. Are the "Application Gateway Cert." and the "managed web-app certs." all required? (if all certs. are required are they related?)
Do I need to create a pfx certificate (in this case it will have to be a wildcard) to store in key-vault and then link to application gateway https listeners?
both the web apps cannot be under same custom domain(cause the domain validation will fail when you try to create the custom domain as the asuid txt record will already exist.)
So , the wildcard certificate can be uploaded to webapp (certificate binding) and to the app gateway listener (if you store the cert in a kv then you can just link it to the app gateway and the pfx willbe pulled)With Terraform you need to pull the versionless secret id for the secret and upload it to the app gateway for ssl.
I have created the Terraform that creates an Azure Managed Cert for each of the 2 web-apps and bound it to the custom domain. Are the "Application Gateway Cert." and the "managed web-app certs." all required? (if all certs. are required are they related?)
No, you dont need multiple certificates , this can be achieved using just self signed certificates from a key-vault.