Cloud Service (Extended support) - certificate auto rotation feature


Hi,

It would be awesome if the certificate auto rotation could be utilized by Cloud Service (Extended support). Since the migration away from Cloud services (Classic) made use of key vault for certificates, it would have been awesome if it were possible to ensure that renewed versions of certificates from the vault were automagically picked up by the cloud service (as they are in some other Azure services).

My specific scenario is that I have a cloud service running an MS Teams call bot that exposes an OWIN self-hosted API for an external service to interact with - the certificate expires unless I remember to update the config and restart the service :) The code running on the service also uses the certificate - and for that I am querying the key vault using KeyVault client (which is great).

I gather the sticking point is that the cloud service specifically depends upon a thumbprint being supplied in the service definition - would be great if this could... well.. not work this way.

Any thoughts?
