Initial refresh edits

Author: dksimpson

articles/logic-apps/logic-apps-enterprise-integration-certificates.md

@@ -5,10 +5,11 @@ services: logic-apps
 ms.suite: integration
 author: divyaswarnkar
 ms.author: divswa
-ms.reviewer: estfan, azla
+ms.reviewers: estfan, azla
 ms.topic: how-to
-ms.date: 08/27/2024
-ms.custom: sfi-image-nochange
+ms.date: 04/03/2026
+ms.custom: sfi-im6ge-nochange
+Customer intent: As a logic app workflow developer, I want to improve my logic app's security by adding a certificate to my integration account.
 ---
 
 # Add certificates to integration accounts for securing messages in workflows with Azure Logic Apps
@@ -33,19 +34,19 @@ If you're new to logic apps, review [What is Azure Logic Apps](logic-apps-overvi
 
 ## Prerequisites
 
-* An Azure account and subscription. If you don't have a subscription yet, [sign up for a free Azure account](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
+* An Azure account and subscription. [Get a free Azure account](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
 
-* An [integration account resource](logic-apps-enterprise-integration-create-integration-account.md) where you define and store artifacts, such as trading partners, agreements, certificates, and so on, for use in your enterprise integration and B2B workflows. This resource has to meet the following requirements:
+* An [integration account resource](logic-apps-enterprise-integration-create-integration-account.md). In this resource, you define and store artifacts, such as trading partners, agreements, and certificates, for use in your enterprise integration and B2B workflows. This resource must meet the following requirements:
 
-  * Is associated with the same Azure subscription as your logic app resource.
+  * Associated with the same Azure subscription as your logic app resource.
 
   * Exists in the same location or Azure region as your logic app resource.
 
-  * If you have a [Consumption logic app resource](logic-apps-overview.md#resource-environment-differences), you have to [link your integration account to your logic app resource](logic-apps-enterprise-integration-create-integration-account.md#link-account) before you can use your artifacts in your workflow.
+  * Linked to your logic app resource. If you have a [Consumption logic app resource](logic-apps-overview.md#resource-environment-differences), you need to [link your integration account to your logic app resource](logic-apps-enterprise-integration-create-integration-account.md#link-account) before you can use your artifacts in your workflow.
 
-    To create and add certificates for use in **Logic App (Consumption)** workflows, you don't need a logic app resource yet. However, when you're ready to use those certificates in your workflows, your logic app resource requires a linked integration account that stores those certificates.
+    To create and add certificates for use in **Logic App (Consumption)** workflows, you don't need a logic app resource. However, when you're ready to use those certificates in your workflows, your logic app resource requires a linked integration account that stores those certificates.
 
-  * If you have a [Standard logic app resource](logic-apps-overview.md#resource-environment-differences), your integration account doesn't need a link to your logic app resource but is still required to store other artifacts, such as partners, agreements, and certificates, along with using the [AS2](logic-apps-enterprise-integration-as2.md), [X12](logic-apps-enterprise-integration-x12.md), and [EDIFACT](logic-apps-enterprise-integration-edifact.md) operations. Your integration account still has to meet other requirements, such as using the same Azure subscription and existing in the same location as your logic app resource.
+  * If you have a [Standard logic app resource](logic-apps-overview.md#resource-environment-differences), your integration account doesn't need a link to your logic app resource. However, it must store other artifacts, such as partners, agreements, and certificates, along with using the [AS2](logic-apps-enterprise-integration-as2.md), [X12](logic-apps-enterprise-integration-x12.md), and [EDIFACT](logic-apps-enterprise-integration-edifact.md) operations. Your integration account needs to meet other requirements, such as using the same Azure subscription and existing in the same location as your logic app resource.
 
 * For private certificates, you must meet the following prerequisites:
 
@@ -55,85 +56,79 @@ If you're new to logic apps, review [What is Azure Logic Apps](logic-apps-overvi
 
     > [!NOTE]
     >
-    > If you're using access policies with your key vault, considering
+    > If you're using access policies with your key vault, consider
     > [migrating to the Azure role-based access control permission model](/azure/key-vault/general/rbac-migration).
     >
-    > If you receive the error **"Please authorize logic apps to perform operations on key vault by granting access for the logic apps 
-    > service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba' for 'list', 'get', 'decrypt' and 'sign' operations."**, your 
-    > certificate might not have the **Key Usage** property set to **Data Encipherment**. If not, you might have to recreate the certificate 
-    > with the **Key Usage** property set to **Data Encipherment**. To check your certificate, open the certificate, select the 
-    > **Details** tab, and review the **Key Usage** property.
+    > If you receive the error **"Please authorize logic apps to perform operations on key vault by granting access for the logic apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba' for 'list', 'get', 'decrypt' and 'sign' operations."**, your certificate might not have the **Key Usage** property set to **Data Encipherment**. If so, you might need to recreate the certificate with the **Key Usage** property set to **Data Encipherment**. To check your certificate, open the certificate, select the **Details** tab, and review the **Key Usage** property.
 
   * [Add the corresponding public certificate](#add-public-certificate) to your key vault. This certificate appears in your [agreement's **Send** and **Receive** settings for signing and encrypting messages](logic-apps-enterprise-integration-agreements.md). For example, review [Reference for AS2 messages settings in Azure Logic Apps](logic-apps-enterprise-integration-as2-message-settings.md).
 
 * At least two [trading partners](logic-apps-enterprise-integration-partners.md) and an [agreement between those partners](logic-apps-enterprise-integration-agreements.md) in your integration account. An agreement requires a host partner and a guest partner. Also, an agreement requires that both partners use the same or compatible *business identity* qualifier that's appropriate for an AS2, X12, EDIFACT, or RosettaNet agreement.
 
-* Optionally, the logic app resource and workflow where you want to use the certificate. The workflow requires any trigger that starts your logic app's workflow. If you haven't created a logic app workflow before, review [Quickstart: Create an example Consumption logic app workflow](quickstart-create-example-consumption-workflow.md).
+* Optionally, the logic app resource and workflow where you want to use the certificate. The workflow requires any trigger that starts your logic app's workflow. For more information, see [Quickstart: Create an example Consumption logic app workflow](quickstart-create-example-consumption-workflow.md).
 
 <a name="add-public-certificate"></a>
 
 ## Use a public certificate
 
-To use a *public certificate* in your workflow, you have to first add the certificate to your integration account.
+To use a *public certificate* in your workflow, you first add the certificate to your integration account.
 
-1. In the [Azure portal](https://portal.azure.com) search box, enter `integration accounts`, and select **Integration accounts**.
+1. In the [Azure portal](https://portal.azure.com) search box, enter **integration accounts**, and then select **Integration accounts**.
 
 1. Under **Integration accounts**, select the integration account where you want to add your certificate.
 
-1. On the integration account menu, under **Settings**, select **Certificates**.
+1. On the **Integration account** menu, under **Settings**, select **Certificates**.
 
 1. On the **Certificates** pane, select **Add**.
 
 1. On the **Add Certificate** pane, provide the following information about the certificate:
 
    | Property | Required | Value | Description |
-   |----------|----------|-------|-------------|
-   | **Name** | Yes | <*certificate-name*> | Your certificate's name, which is `publicCert` in this example |
+   | -------- | -------- | ----- | ----------- |
+   | **Name** | Yes | <*certificate-name*> | Your certificate's name |
    | **Certificate Type** | Yes | **Public** | Your certificate's type |
-   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. Select the certificate that you want to use. |
-   |||||
+   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. Browse and choose the certificate that you want to use, and then select **Open**. |
 
-   ![Screenshot showing the Azure portal and integration account with "Add" selected and the "Add Certificate" pane with public certificate details.](media/logic-apps-enterprise-integration-certificates/public-certificate-details.png)
+   :::image type="content" source="media/logic-apps-enterprise-integration-certificates/public-certificate-details.png" alt-text="Screenshot that shows the Azure portal and integration account with Add selected and the Add Certificate pane with public certificate details.":::
 
 1. When you're done, select **OK**.
 
-   After Azure validates your selection, Azure uploads your certificate.
+   After Azure validates your selection, it uploads your certificate.
 
-   ![Screenshot showing the Azure portal and integration account with the public certificate in the "Certificates" list.](media/logic-apps-enterprise-integration-certificates/new-public-certificate.png)
+   :::image type="content" source="media/logic-apps-enterprise-integration-certificates/new-public-certificate.png" alt-text="Screenshot that shows the Azure portal and integration account with the public certificate in the Certificates list.":::
 
 <a name="add-private-certificate"></a>
 
 ## Use a private certificate
 
-To use a *private certificate* in your workflow, you have to first meet the [prerequisites for private keys](#prerequisites), and add a public certificate to your integration account.
+To use a *private certificate* in your workflow, you must meet the [prerequisites for private keys](#prerequisites), and add a public certificate to your integration account.
 
-1. In the [Azure portal](https://portal.azure.com) search box, enter `integration accounts`, and select **Integration accounts**.
+1. In the [Azure portal](https://portal.azure.com) search box, enter **integration accounts**, and then select **Integration accounts**.
 
 1. Under **Integration accounts**, select the integration account where you want to add your certificate.
 
-1. On the integration account menu, under **Settings**, select **Certificates**.
+1. On the **Integration account** menu, under **Settings**, select **Certificates**.
 
 1. On the **Certificates** pane, select **Add**.
 
 1. On the **Add Certificate** pane, provide the following information about the certificate:
 
    | Property | Required | Value | Description |
-   |----------|----------|-------|-------------|
-   | **Name** | Yes | <*certificate-name*> | Your certificate's name, which is `privateCert` in this example |
+   | -------- | -------- | ----- | ----------- |
+   | **Name** | Yes | <*certificate-name*> | Your certificate's name |
    | **Certificate Type** | Yes | **Private** | Your certificate's type |
-   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. Select the public certificate that corresponds to the private key that's stored in your key vault. |
-   | **Resource Group** | Yes | <*integration-account-resource-group*> | Your integration account's resource group, which is `Integration-Account-RG` in this example |
+   | **Certificate** | Yes | <*certificate-file-name*> | To browse for the certificate file that you want to add, select the folder icon next to the **Certificate** box. Select the public certificate that corresponds to the private key stored in your key vault. |
+   | **Resource Group** | Yes | <*integration-account-resource-group*> | Your integration account's resource group |
    | **Key Vault** | Yes | <*key-vault-name*> | Your key vault name |
    | **Key name** | Yes | <*key-name*> | Your key name |
-   |||||
 
-   ![Screenshot showing the Azure portal and integration account with "Add" selected and the "Add Certificate" pane with private certificate details.](media/logic-apps-enterprise-integration-certificates/private-certificate-details.png)
+   :::image type="content" source="media/logic-apps-enterprise-integration-certificates/private-certificate-details.png" alt-text="Screenshot that shows the Azure portal and integration account with Add selected and the Add Certificate pane with private certificate details.":::
 
 1. When you're done, select **OK**.
 
-   After Azure validates your selection, Azure uploads your certificate.
+   After Azure validates your selection, it uploads your certificate.
 
-   ![Screenshot showing the Azure portal and integration account with the private certificate in the "Certificates" list.](media/logic-apps-enterprise-integration-certificates/new-private-certificate.png)
+   :::image type="content" source="media/logic-apps-enterprise-integration-certificates/new-private-certificate.png" alt-text="Screenshot that shows the Azure portal and integration account with the private certificate in the Certificates list.":::
 
 ## Next steps