SSL/TLS for Azure Virtual Machine Scale Sets
V7.1.0
This workload allows for the automatic creation, installation and renewal of an SSL/TLS certificate for Azure Virtual Machine Scale Sets using :
STEPS
Step 1 : Create the SSL/TLS Certificate
- Create the SSL/TLS certificate in the RCL SSL Portal by using either the :
  - Azure DNS + Key Vault option
  - Azure DNS + Key Vault SAN option
- The SAN option allows two domains (wildcard + naked domain, e.g. *.contoso.com, contoso.com) on the certificate, whereas the other option allows only one domain on the certificate.
Step 2 : Certificate Automatically Imported to Key Vault
- After creation, the certificate is automatically imported to Azure Key Vault
- Check for the certificate name and version in Azure Key Vault
Step 3 : TLS Termination with Azure Application Gateway
Application Gateway supports TLS termination at the gateway, after which traffic typically flows unencrypted to the backend servers or virtual machines.
- Learn about : TLS Termination with Application Gateway
- Learn about : Virtual Machines with Application Gateway
After creating and installing the SSL/TLS certificate in Azure Key Vault using the RCL SSL portal, follow the instructions in the link below to configure TLS termination with the Key Vault certificate and Application Gateway V2 :
- Configure TLS termination with Key Vault certificates and Application Gateway V2
Step 4 : Automatically Renewing an SSL/TLS Certificate
SSL/TLS Certificates will expire within 90 days. Follow these instructions to automatically renew the certificate.
- Use the RCL SSL AutoRenew Function to automatically renew certificates
- The certificates will be automatically renewed, imported to Key Vault, and the TLS termination with Application Gateway will be updated without any user interaction being required
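To confirm that a renewal reached both Key Vault (Step 2) and the gateway (Step 3), the check below compares the current Key Vault certificate with the secret identifiers the Application Gateway references. It is an added example, not RCL or Microsoft code. The field names (`sid`, `attributes.expires`, `keyVaultSecretId`) are assumed to match the JSON printed by `az keyvault certificate show` and `az network application-gateway ssl-cert list`; the vault name, certificate names, versions and the 30-day threshold are constructed.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample shaped like `az keyvault certificate show` output (placeholder values).
KV_CERT = json.loads("""{
  "name": "contoso-wildcard",
  "sid": "https://example-kv.vault.azure.net/secrets/contoso-wildcard/0123456789abcdef0123456789abcdef",
  "attributes": {"enabled": true, "expires": "2025-06-30T12:00:00+00:00"}
}""")
# Constructed sample shaped like `az network application-gateway ssl-cert list` output.
GATEWAY_CERTS = json.loads("""[
  {"name": "listener-cert", "keyVaultSecretId": "https://example-kv.vault.azure.net/secrets/contoso-wildcard"},
  {"name": "legacy-cert", "keyVaultSecretId": "https://example-kv.vault.azure.net/secrets/contoso-wildcard/ffffffffffffffffffffffffffffffff"}
]""")


def split_secret_id(secret_id):
    """Return (vault_host, secret_name, version or None) from a Key Vault secret identifier."""
    url = urlparse(secret_id)
    parts = [p for p in url.path.split("/") if p]
    if url.scheme != "https" or len(parts) not in (2, 3) or parts[0] != "secrets":
        raise ValueError(f"not a Key Vault secret identifier: {secret_id!r}")
    return url.hostname, parts[1], parts[2] if len(parts) == 3 else None


def days_left(kv_cert, now=None):
    """Whole days until the Key Vault certificate expires (negative once expired)."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(kv_cert["attributes"]["expires"])
    return (expires - now).days


def audit(kv_cert, gateway_certs, now=None, warn_days=30):
    """Return a list of findings; an empty list means the renewal state looks healthy."""
    findings = []
    host, name, current = split_secret_id(kv_cert["sid"])
    if not kv_cert["attributes"]["enabled"]:
        findings.append(f"{name}: certificate is disabled in Key Vault")
    remaining = days_left(kv_cert, now)
    if remaining < warn_days:
        findings.append(f"{name}: expires in {remaining} days, check the renewal job")
    for gw in gateway_certs:
        gw_host, gw_name, gw_version = split_secret_id(gw["keyVaultSecretId"])
        if (gw_host, gw_name) != (host, name):
            continue  # this gateway certificate points at a different secret
        if gw_version is not None and gw_version != current:
            findings.append(f"{gw['name']}: pinned to version {gw_version}, current is {current}")
    return findings
```

A gateway entry that references the secret without a version follows the newest certificate in Key Vault, while an entry pinned to a superseded version keeps serving the old certificate until it is updated.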