Unable to Import Key Vault Certificate in Azure Government Cloud

2
votes

I am trying to import a certificate from a Key Vault to an App Service to configure SSL in the Azure Government Cloud. When I do this I get an error stating:

Failed to get App Service Service principal details.

I am getting a similar error when I try to do this through an ARM template which it what caused me to try this manually. I have tried giving my App Service a managed identity and giving that identity access to the key vault. I have tried a technique that worked in the regular Azure Cloud of giving "Microsoft Azure App Service" account permission to the key vault but that doesn't seem to exist in the Government Cloud.

I would have expected this to simply work and allow me to configure my SSL correctly on the app service so I don't need to manage the certificates individually on every app service.

2
azureazure-keyvaultazure-gov

2 Answers

2
votes

I eventually found the solution to the issue.

Following the directions found here: https://github.com/Azure/azure-quickstart-templates/tree/master/201-web-app-certificate-from-key-vault

I tried to authorize the 'Microsoft.Azure.WebSites' Resource Provider as described in the link, but that GUID doesn't exist in the Government Cloud.

This link however does give you the equivalent GUID for the Government Cloud: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/azure-government/documentation-government-services-webandmobile.md#app-services

After using the script from the first link with the GUID value from the second link I was able to get both deployments and manual SSL added.