Problem
Here is my sandbox code to demonstrate how to deploy with Bicep. For this, I’m utilizing a bespoke certificate.
param profileName string = 'testresearchcdn'
@allowed([
  'Standard_Verizon'
  'Premium_Verizon'
  'Custom_Verizon'
  'Standard_Akamai'
  'Standard_ChinaCdn'
  'Standard_Microsoft'
  'Premium_ChinaCdn'
  'Standard_AzureFrontDoor'
  'Premium_AzureFrontDoor'
  'Standard_955BandWidth_ChinaCdn'
  'Standard_AvgBandWidth_ChinaCdn'
  'StandardPlus_ChinaCdn'
  'StandardPlus_955BandWidth_ChinaCdn'
  'StandardPlus_AvgBandWidth_ChinaCdn'
])
param sku string = 'Standard_Microsoft'
param endpointName string = 'testresearchcdn'
@description('Whether the HTTP traffic is allowed.')
param isHttpAllowed bool = true
@description('Whether the HTTPS traffic is allowed.')
param isHttpsAllowed bool = true
@description('Query string caching behavior.')
@allowed([
  'IgnoreQueryString'
  'BypassCaching'
  'UseQueryString'
])
param queryStringCachingBehavior string = 'IgnoreQueryString'
@description('Content type that is compressed.')
param contentTypesToCompress array = [
  'text/plain'
  'text/html'
  'text/css'
  'application/x-javascript'
  'text/javascript'
]
@description('Whether the compression is enabled')
param isCompressionEnabled bool = true
@description('Location for all resources.')
param location string = 'global'
resource testresearchcdn 'Microsoft.Cdn/profiles@2020-09-01' = {
  name: profileName
  location: location
  properties: {}
  sku: {
    name: sku
  }
}
resource Microsoft_Cdn_profiles_endpoints_testresearchcdn 'Microsoft.Cdn/profiles/endpoints@2020-09-01' = {
  name: endpointName
  parent: testresearchcdn
  location: location
  properties: {
    originHostHeader: 'testresearchcdn.blob.core.windows.net'
    isHttpAllowed: isHttpAllowed
    isHttpsAllowed: isHttpsAllowed
    queryStringCachingBehavior: queryStringCachingBehavior
    contentTypesToCompress: contentTypesToCompress
    isCompressionEnabled: isCompressionEnabled
    origins: [
      {
        name: 'testresearchcdn-blob-core-windows-net'
        properties: {
          hostName: 'testresearchcdn.blob.core.windows.net'
        }
      }
    ]
  }
}
resource test_researchcdn_example_com 'Microsoft.Cdn/profiles/endpoints/customDomains@2016-04-02' = {
  name: 'test-researchcdn-example-com'
  parent: Microsoft_Cdn_profiles_endpoints_testresearchcdn
  properties: {
    hostName: 'test-researchcdn.example.com'
  }
}
resource example_wildcard_2019 'Microsoft.Cdn/profiles/secrets@2020-09-01' = {
  name: 'DDKeyVault1'
  parent: testresearchcdn
  properties: {
    parameters: {
      type: 'CustomerCertificate'
      certificateAuthority: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
      secretSource: {
        id: 'https://DDkeyvault1.vault.azure.net/certificates/example-wildcard-2019/xxxxxxxxxxxxxxxxxxxxx'
      }
      secretVersion: ''
      subjectAlternativeNames: [
        '*.example.com'
        'example.com'
      ]
      useLatestVersion: false
    }
  }
  dependsOn: [
    test_researchcdn_example_com
  ]
}
This is my blunder:
“BadRequest” is the code, and “SecretSource id is invalid” is the message.
I’ve tried SecretSource with Certificate Identifier, Secret Identifier, and kvID where the secret is stored, but I’m still receiving the same issue. What am I overlooking?
Asked by Abkade
Solution #1
You are incorrectly defining the Secret SourceId. We can’t use https:///certificates/certificateName in the ARM template; instead, use /subscriptions/<SubscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.KeyVault/vaults/<KeyvaultName>/certificates/<CertificateName>.
As a result, instead of the following in your code:
secretSource: {
  id: 'https://DDkeyvault1.vault.azure.net/certificates/example-wildcard-2019/xxxxxxxxxxxxxxxxxxxxx'
}
This is what you must do:
secretSource: {
  id: '/subscriptions/<YOUR-SUBSCRIPTION-ID>/resourceGroups/<YOUR-KEYVAULT-RESOURCE-GROUP-NAME>/providers/Microsoft.KeyVault/vaults/DDkeyvault1/certificates/example-wildcard-2019/xxxxxxxxxxxxxxxxxxxxx'
}
Please keep in mind that you will need to provide Azure CDN access to your key vault before performing the above.
Answered by RahulKumarShaw-MT
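Added example (not part of the original question or answer, and not Azure tooling): a Python pre-deployment check that recognises a Key Vault data-plane URL used as a secretSource id and rewrites it into the ARM resource ID shape shown in the answer. The function names, the subscription ID and the resource group name are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# ARM resource ID of an object inside a Key Vault, in the shape the answer uses:
# /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<kv>/<type>/<name>[/<version>]
ARM_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.KeyVault/vaults/[^/]+/[^/]+/[^/]+(/[^/]+)?$",
    re.IGNORECASE,
)
VAULT_SUFFIX = ".vault.azure.net"
VAULT_NAME = re.compile(r"[A-Za-z0-9-]{3,24}")  # Key Vault naming rule


def classify(secret_source_id: str) -> str:
    """Return 'arm-id', 'data-plane-url' or 'unknown' for a secretSource id."""
    if ARM_ID.match(secret_source_id):
        return "arm-id"
    parts = urlsplit(secret_source_id)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and host.endswith(VAULT_SUFFIX):
        return "data-plane-url"
    return "unknown"


def to_arm_id(secret_source_id: str, subscription_id: str, resource_group: str) -> str:
    """Rewrite a data-plane URL as an ARM resource ID; ARM IDs pass through."""
    kind = classify(secret_source_id)
    if kind == "arm-id":
        return secret_source_id
    if kind != "data-plane-url":
        raise ValueError(f"not a Key Vault reference: {secret_source_id!r}")
    parts = urlsplit(secret_source_id)
    # Refuse userinfo or ports so the vault name is taken from a plain host only.
    if parts.netloc.lower() != parts.hostname:
        raise ValueError(f"unexpected authority in: {secret_source_id!r}")
    vault = parts.netloc[: -len(VAULT_SUFFIX)]  # keeps the original casing
    segments = [s for s in parts.path.split("/") if s]  # type, name, [version]
    if not VAULT_NAME.fullmatch(vault) or len(segments) not in (2, 3):
        raise ValueError(f"unexpected Key Vault URL shape: {secret_source_id!r}")
    return (
        f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
        f"/providers/Microsoft.KeyVault/vaults/{vault}/" + "/".join(segments)
    )


if __name__ == "__main__":
    # The id from the question; subscription and resource group are constructed.
    url = "https://DDkeyvault1.vault.azure.net/certificates/example-wildcard-2019/xxxxxxxxxxxxxxxxxxxxx"
    print(to_arm_id(url, "00000000-0000-0000-0000-000000000000", "rg-keyvault"))
```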
Post is based on https://stackoverflow.com/questions/70524355/getting-error-trying-to-use-custome-cert-with-azure-bicep