I was looking for any documentation on how Azure Key Vault can be integrated into an internal CA?
I have read information on KV being integrated with 3rd party issues, such as DigiCert, but I was wondering how to do this with a traditional Windows Server running as a CA?
You can generate your CSR in Key Vault and get them signed by an internal CA, that's a scenario I can confirm is working. It's not automatically signed like you would have with Digicert, it it works.
Keep in mind your Certificate Revocation List and CA might not be accessible from other Azure services. You could get some warnings on the certificate validity.
It's possible also to generate a new certificate from a key vault by using the option
Certificate issued by a non integrated CA
At the end of the process you can download the certificate signing request .Then you can submit the CSR . The process to sign and save the file is described below:
I went to upvote this because I was wondering the same thing and can think of a variety of scenarios where having an Active Directory CA Provider integrated with Key Vault for automatic Cert Rotation would be valuable for my business....as a variety of solutions we are planning for will be "internal only" applications/services.
Apparently this feedback site is no longer accessible? So where would we go to support the idea as a feature request/enhancement?
I am wanting to get rid of my Windows Active Directory services and go all in with Microsoft 365/Azure. However, I have a need to generate certificates, which implies Windows Active Directory Certificate Service. I don't see such CA within Azure that we can make use for generating certificates, e.g., host.company.local. Hopefully someone is still reading this and can point me to the right place.
