az network application-gateway ssl-cert

Manage SSL certificates of an application gateway.

For more information visit https://docs.microsoft.com/azure/application-gateway/application-gateway-ssl-cli.

Commands

az network application-gateway ssl-cert create

Upload an SSL certificate.

az network application-gateway ssl-cert delete

Delete an SSL certificate.

az network application-gateway ssl-cert list

List SSL certificates.

az network application-gateway ssl-cert show

Get the details of an SSL certificate.

az network application-gateway ssl-cert update

Update an SSL certificate.

az network application-gateway ssl-cert create

Upload an SSL certificate.

az network application-gateway ssl-cert create --gateway-name
                                               --name
                                               --resource-group
                                               [--cert-file]
                                               [--cert-password]
                                               [--key-vault-secret-id]
                                               [--no-wait]
                                               [--subscription]

Examples

Upload an SSL certificate via --cert-file and --cert-password.

az network application-gateway ssl-cert create -g MyResourceGroup --gateway-name MyAppGateway \
    -n MySSLCert --cert-file \path\to\cert\file --cert-password Abc123

Upload an SSL certificate via --key-vault-secret-id of a KeyVault Secret

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -out azure-cli-app-tls.crt \
  -keyout azure-cli-app-tls.key \
  -subj "/CN=azure-cli-app"

openssl pkcs12 -export \
  -in azure-cli-tls.crt \
  -inkey sample-app-tls.key \
  -passout pass: -out azure-cli-cert.pfx

SecretValue=$(cat azure-cli-cert.pfx | base64)

az keyvault secret set --vault-name MyKeyVault --name MySecret --value ${SecretValue}

az network application-gateway ssl-cert create \
  --resource-group MyResourceGroup \
  --gateway-name MyAppGateway \
  -n MySSLCert \
  --key-vault-secret-id MySecretSecretID

Upload an SSL certificate via --key-vault-secret-id of a KeyVault Certificate

az keyvault certificate create \
  --vault-name MyKeyVault \
  --name MyCertificate \
  --policy "$(az keyvault certificate get-default-policy)" \

az network application-gateway ssl-cert create \
  --resource-group MyResourceGroup \
  --gateway-name MyAppGateway \
  -n MySSLCert \
  --key-vault-secret-id MyCertificateSecretID

Required Parameters

--gateway-name

Name of the application gateway.

--name -n

The name of the SSL certificate.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--cert-file

The path to the PFX certificate file.

--cert-password

Certificate password.

--key-vault-secret-id

Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in Azure KeyVault.

--no-wait

Do not wait for the long-running operation to finish.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network application-gateway ssl-cert delete

Delete an SSL certificate.

az network application-gateway ssl-cert delete [--gateway-name]
                                               [--ids]
                                               [--name]
                                               [--no-wait]
                                               [--resource-group]
                                               [--subscription]

Examples

Delete an SSL certificate.

az network application-gateway ssl-cert delete -g MyResourceGroup --gateway-name MyAppGateway -n MySslCert

Optional Parameters

--gateway-name

The name of the application gateway.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the SSL certificate.

--no-wait

Do not wait for the long-running operation to finish.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network application-gateway ssl-cert list

List SSL certificates.

az network application-gateway ssl-cert list --gateway-name
                                             --resource-group
                                             [--query-examples]
                                             [--subscription]

Examples

List SSL certificates.

az network application-gateway ssl-cert list -g MyResourceGroup --gateway-name MyAppGateway

Required Parameters

--gateway-name

The name of the application gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network application-gateway ssl-cert show

Get the details of an SSL certificate.

az network application-gateway ssl-cert show [--gateway-name]
                                             [--ids]
                                             [--name]
                                             [--query-examples]
                                             [--resource-group]
                                             [--subscription]

Examples

Get the details of an SSL certificate.

az network application-gateway ssl-cert show -g MyResourceGroup --gateway-name MyAppGateway -n MySslCert

Optional Parameters

--gateway-name

The name of the application gateway.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the SSL certificate.

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network application-gateway ssl-cert update

Update an SSL certificate.

az network application-gateway ssl-cert update [--add]
                                               [--cert-file]
                                               [--cert-password]
                                               [--force-string]
                                               [--gateway-name]
                                               [--ids]
                                               [--key-vault-secret-id]
                                               [--name]
                                               [--no-wait]
                                               [--remove]
                                               [--resource-group]
                                               [--set]
                                               [--subscription]

Examples

Change a gateway SSL certificate and password.

az network application-gateway ssl-cert update -g MyResourceGroup --gateway-name MyAppGateway -n MySslCert \
    --cert-file \path\to\new\cert\file --cert-password Abc123Abc123

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--cert-file

The path to the PFX certificate file.

--cert-password

Certificate password.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--gateway-name

Name of the application gateway.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--key-vault-secret-id

Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in Azure KeyVault.

--name -n

The name of the SSL certificate.

--no-wait

Do not wait for the long-running operation to finish.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.