articles/app-service/configure-ssl-app-service-certificate.md
Lines changed: 3 additions & 7 deletions
@@ -71,8 +71,6 @@ By default, the App Service certificate resource provider doesn't have access to
71
71
72
72
The service principal app ID or assignee value is the application (client) ID for the App Service certificate resource provider.
73
73
74
-
Don't delete these access policy permissions from the key vault. If you do, App Service certificate can't store, renew, or rekey the certificate in key vault.
| Resource provider | Service principal app ID | Key Vault secret permissions | Key Vault certificate permissions |
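Review bot: Removing the warning at old line 74 leaves the permissions table in this section with no adjacent statement that its entries must stay in place, and the deleted sentence was the one that named "access policy permissions" explicitly. The replacement added later in the file says only "these permissions" and sits after the `---` separator, so a reader who stops at this table can miss it. Please confirm the consolidated note renders where readers of this section will see it, or keep a one-line pointer here, because the stated consequence (App Service certificate can't store, renew, or rekey the certificate) is an outage that appears only at the next renewal.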
@@ -81,10 +79,11 @@ Don't delete these access policy permissions from the key vault. If you do, App
81
79
82
80
The service principal app ID or assignee value is the ID for the App Service certificate resource provider. To learn how to authorize Key Vault permissions for the App Service certificate resource provider by using an access policy, see [Assign a Key Vault access policy](/azure/key-vault/general/assign-access-policy?tabs=azure-portal).
83
81
84
-
Don't delete these permissions from the key vault. If you do, App Service certificate can't store, renew, or rekey the certificate in key vault.
85
-
86
82
---
87
83
84
+
> [!NOTE]
85
+
> Don't delete these permissions from the key vault. If you do, App Service certificate can't store, renew, or rekey the certificate in key vault.
86
+
88
87
> [!IMPORTANT]
89
88
> The values in the table are application (client) IDs. If you grant the Key Vault Certificate User role by using infrastructure-as-code (for example, ARM templates or Bicep), you typically must use the object ID of the corresponding enterprise application (service principal) in your Microsoft Entra tenant. Using the application ID works with some tooling (for example, Azure CLI role assignment), but ARM/Bicep role assignments generally require the service principal object ID.
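Review bot: In the new `> [!NOTE]` block at new lines 84-85, "these permissions" has lost its referent: the sentence used to follow the table and the authorization paragraph directly, and it now sits after the `---` separator. Suggest naming the permissions outright, for example "the Key Vault permissions granted to the App Service certificate resource provider", so the note stands on its own. Since deleting them stops store, renew, and rekey operations, `[!IMPORTANT]` or `[!WARNING]` may fit better than `[!NOTE]`, which would also match the severity of the `> [!IMPORTANT]` block that follows. Minor wording: "in key vault" reads better as "in the key vault", consistent with the first sentence of the note.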