Create a Certificate in Azure Key Vault

Prerequisites

  1. Register Domain
  2. Connecting your Azure Key Vault

Overview

EZCA seamlessly integrates with Azure Key Vault to enable users to create, request, and manage certificates from a single place.

Requesting The Certificate

  1. Navigate to https://portal.ezca.io/
  2. Navigate to Domains.
  3. Click the “Request Certificate” button on the domain you want to request a certificate for.
  4. This will pre-populate the Subject Name and Subject Alternate Names with the selected domain.
  5. If this certificate requires more subject alternate names (usually for other domains that might use this certificate), add them in the DNS Names section.
  6. By default, EZCA will request the certificate with the maximum validity allowed by your administrators. If you want to decrease the lifetime of the certificate, adjust the validity slider.
  7. Change the Certificate Location to Azure Key Vault.
  8. Select the Azure subscription containing the Key Vault.
  9. Select the Azure Key Vault where you want to store the certificate.
  10. For an automated lifecycle, select the “Auto renew certificate” option. This will enable EZCA to automatically renew your certificate when it is over the defined rotation lifetime.

    Enabling automatic renewal automates the lifecycle of your certificates, reducing the chance of an outage caused by an expired certificate.

  11. Adjust the slider to select the percentage of the certificate lifetime at which you want EZCA to automatically renew the certificate.
  12. Click the “Request Certificate” button at the top right of the form.
  13. Your certificate has been created successfully.
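
An added example (not EZCA's or Microsoft's code): a monitoring check for the auto-renew setting in steps 10 and 11, run over JSON shaped like `az keyvault certificate list` output, that flags certificates still in service past the renewal point. The sample records, the 0.80 threshold and the function names are constructed for illustration, and treating the slider value as a fraction of elapsed lifetime is an assumption.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az keyvault certificate list` output (not real data).
SAMPLE = json.loads("""[
 {"name": "cert-a", "attributes": {"enabled": true,
   "notBefore": "2024-01-01T00:00:00+00:00", "expires": "2025-01-01T00:00:00+00:00"}},
 {"name": "cert-b", "attributes": {"enabled": true,
   "notBefore": "2024-09-01T00:00:00+00:00", "expires": "2025-09-01T00:00:00+00:00"}},
 {"name": "cert-c", "attributes": {"enabled": true,
   "notBefore": "2023-10-01T00:00:00+00:00", "expires": "2024-10-01T00:00:00+00:00"}},
 {"name": "cert-d", "attributes": {"enabled": true,
   "notBefore": "2024-01-01T00:00:00+00:00", "expires": null}},
 {"name": "cert-e", "attributes": {"enabled": false,
   "notBefore": "2023-01-01T00:00:00+00:00", "expires": "2024-01-01T00:00:00+00:00"}}
]""")

def parse(ts):
    """Parse an ISO 8601 timestamp, accepting a trailing 'Z' for UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def lifetime_used(cert, now):
    """Fraction of the validity period already elapsed, or None if dates are unusable."""
    attrs = cert.get("attributes") or {}
    nb, exp = attrs.get("notBefore"), attrs.get("expires")
    if not nb or not exp:
        return None
    start, end = parse(nb), parse(exp)
    if end <= start:
        return None
    return (now - start) / (end - start)

def classify(cert, now, renew_at=0.80):
    """renew_at is the assumed renewal threshold (fraction of lifetime)."""
    used = lifetime_used(cert, now)
    if used is None:
        return "unknown"          # missing or inconsistent dates: review by hand
    if used >= 1.0:
        return "expired"
    if used >= renew_at:
        return "renewal-overdue"  # past the threshold and not yet replaced
    return "ok"

def audit(certs, now, renew_at=0.80):
    """Classify every enabled certificate; disabled ones are skipped."""
    return {c["name"]: classify(c, now, renew_at)
            for c in certs if (c.get("attributes") or {}).get("enabled", True)}

if __name__ == "__main__":
    print(audit(SAMPLE, datetime.now(timezone.utc)))
```
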

Using The Certificate

In this section we will cover where the certificate was created and present you with Microsoft resources on how that certificate can be used.

Getting The Certificate From The Azure Portal

  1. Navigate to https://portal.azure.com
  2. Navigate to the Azure Key Vault you selected to keep this certificate.
  3. Click on Certificates.
  4. You should see a certificate with the following naming convention “CERTIFICATENAME"EZCA"RANDOMNUMBER” where CERTIFICATENAME is the subject name for your certificate and RANDOMNUMBER is a random number created by EZCA to avoid collisions in the Azure Key Vault.
  5. Click on the certificate.
  6. Click on the current version.
  7. This will open the certificate details page.
  8. From the certificate details page you can download the CER-formatted certificate (no private key) or the PFX/PEM format that contains the private key.

Azure Resources for Using a Key Vault Stored Certificate

  1. Azure Key Vault Extension For Automatically Downloading Certificates to Windows VM
  2. Azure Key Vault Extension For Automatically Downloading Certificates to Linux VM
  3. Retrieve a Certificate From Azure Key Vault Using C#