1

I am designing the architecture of a new Azure environment. I was planning to use subscriptions to segregate development, staging and production.

I see that Azure wildcard SSL certificates need to be imported / exported between subscriptions. Will autorenew work in all subscriptions afterwards, or just the original one?

Alternatively, I could segregate environments by resource groups under one subscription. Will Azure SSL autorenew work between resource groups?

Or are there any alternative tricks or methods to share wildcard certificates between environments?

Peter Mortensen
  • 2,327
Jamie GF
  • 13
  • 2

1 Answers1

1

When you are using Azure Wildcard SSL certificates, autorenewal is tied to the original subscription where the certificate was created. So this means if you import/export the certificate to other subscriptions, autorenewal will not work automatically in the new subscriptions.

Like you mentioned, you can segregate environments using resource groups under one subscription. In this case, Azure SSL autorenewal will work across resource groups, as they are within the same subscription.

Personally, though, I would use a third-party certificate manager like AppGate, F5, or Venafi, all of which can help you manage and share Wildcard SSL certificates across different environments and subscriptions.

Peter Mortensen
  • 2,327
security_paranoid
  • 310