Cloud Service (Extended support) - certificate auto rotation feature




It would be awesome if the certificate auto rotation could be utilized by Cloud Service (Extended support). Since the migration away from Cloud services (Classic) made use of key vault for certificates, it would have been awesome if it were possible to ensure that renewed versions of certificates from the vault were automagically picked up by the cloud service (as they are in some other Azure services). 


My specific scenario is that I have a cloud service running a MS Teams call bot that exposes an OWIN self-hosted API for an external service to interact with. The certificate expires unless I remember to update the config and restart the service :) The code running on the service also uses the certificate, and for that I am querying the key vault using the KeyVault client (which is great).


I gather the sticking point is that the cloud service specifically depends upon a thumbprint being supplied in the service definition. It would be great if this could... well... not work this way.


Any thoughts?

2 Replies

@AlexSapple are you able to solve this problem?

Hi @dvloop,


No, although we have completely moved away from the cloud role services. In our specific scenario this was possible via the introduction of the ACS (Azure cloud communications) resources and APIs. So we don't have any more cloud services of this type. As far as I know, the certificate auto rotation isn't supported for these types of resources, as a hard-coded thumbprint has to be supplied in the service definition.