Azure App Service Certificate can also be used with other Azure services, not just App Service Web Apps. The list includes Virtual Machines and Azure Application Gateway.
In order to use the certificate outside Azure, you can export it from the Azure Portal.
Simply select:
- Settings
- Export Certificate
- click Key Vault
- click on the current version, then on the download as certificate button (the script in the link below does not work correctly, so you need to do it this way).
The .pfx created above will not include the chain certificates. Services such as Azure App Service expect uploaded certificates to have all chain certificates included in the .pfx file. For the chain certificates to be part of the .pfx file, you must install the exported certificate on your computer. In this step, make sure you mark the certificate as exportable.
It is possible to use an App Service Certificate on Application Gateway; here is the setup guide.
Things to note:
- App Service Certificate puts the certificate under the Key Vault > Secrets section
- The Application Gateway portal UI only lets you select a certificate available under the Key Vault > Certificates section
- To use a certificate in the Secrets section, az cli or PowerShell must be used (see link above)
- If you configure Application Gateway to use a certificate under Secrets, you can benefit from the auto-renew feature of the Azure App Service Certificate.
Here, instead, you can find a guide to manually renew an Application Gateway certificate: https://docs.microsoft.com/en-us/azure/application-gateway/renew-certificates
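The Secrets-based setup from the notes above, as an added Az PowerShell example (not taken from the linked guide). All resource names are placeholders, and it assumes a v2 Application Gateway plus a user-assigned managed identity that already has get permission on the vault's secrets.

```powershell
# Placeholder values (assumptions): replace with your own resources.
$resourceGroup = '<resource-group>'
$gatewayName   = '<application-gateway-name>'
$vaultName     = '<key-vault-name>'
$secretName    = '<app-service-certificate-secret-name>'
$identityId    = '<resource-id-of-user-assigned-managed-identity>'

# Load the gateway and attach the identity it will use to read Key Vault.
# Grant that identity only "get" on secrets, nothing broader.
$appgw = Get-AzApplicationGateway -Name $gatewayName -ResourceGroupName $resourceGroup
Set-AzApplicationGatewayIdentity -ApplicationGateway $appgw `
    -UserAssignedIdentityId $identityId | Out-Null

# App Service Certificate stores the PFX under Key Vault > Secrets,
# so look it up as a secret, not as a Key Vault certificate.
$secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName
if (-not $secret) {
    throw "Secret '$secretName' not found in vault '$vaultName'."
}

# Strip the version from the secret ID. A versionless ID makes the gateway
# follow the latest version, which is what lets a renewed certificate be
# picked up. A versioned ID would pin the gateway to the current PFX.
$secretId = $secret.Id.Replace($secret.Version, '')

# Reference the secret from the gateway instead of uploading a .pfx file.
Add-AzApplicationGatewaySslCertificate -ApplicationGateway $appgw `
    -Name $secret.Name -KeyVaultSecretId $secretId | Out-Null

# Push the updated configuration to Azure.
Set-AzApplicationGateway -ApplicationGateway $appgw | Out-Null

# Check: the certificate entry should show a versionless Key Vault secret ID.
(Get-AzApplicationGateway -Name $gatewayName -ResourceGroupName $resourceGroup).SslCertificates |
    Select-Object Name, KeyVaultSecretId
```

The certificate still has to be bound to an HTTPS listener before the gateway serves it.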