Azure v6.24.0, Jun 18 25

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi

pulumi/pulumi-azure

azure.appservice.Certificate

Explore with Pulumi AI

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi

pulumi/pulumi-azure

Example Usage

This example provisions an App Service Certificate from a Local File.

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as std from "@pulumi/std";

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleCertificate = new azure.appservice.Certificate("example", {
    name: "example-cert",
    resourceGroupName: example.name,
    location: example.location,
    pfxBlob: std.filebase64({
        input: "certificate.pfx",
    }).then(invoke => invoke.result),
    password: "password123!",
});

import pulumi
import pulumi_azure as azure
import pulumi_std as std

example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_certificate = azure.appservice.Certificate("example",
    name="example-cert",
    resource_group_name=example.name,
    location=example.location,
    pfx_blob=std.filebase64(input="certificate.pfx").result,
    password="password123!")

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/appservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
			Input: "certificate.pfx",
		}, nil)
		if err != nil {
			return err
		}
		_, err = appservice.NewCertificate(ctx, "example", &appservice.CertificateArgs{
			Name:              pulumi.String("example-cert"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
			PfxBlob:           pulumi.String(invokeFilebase64.Result),
			Password:          pulumi.String("password123!"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using Std = Pulumi.Std;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleCertificate = new Azure.AppService.Certificate("example", new()
    {
        Name = "example-cert",
        ResourceGroupName = example.Name,
        Location = example.Location,
        PfxBlob = Std.Filebase64.Invoke(new()
        {
            Input = "certificate.pfx",
        }).Apply(invoke => invoke.Result),
        Password = "password123!",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.appservice.Certificate;
import com.pulumi.azure.appservice.CertificateArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.Filebase64Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
            .name("example-cert")
            .resourceGroupName(example.name())
            .location(example.location())
            .pfxBlob(StdFunctions.filebase64(Filebase64Args.builder()
                .input("certificate.pfx")
                .build()).result())
            .password("password123!")
            .build());

    }
}

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleCertificate:
    type: azure:appservice:Certificate
    name: example
    properties:
      name: example-cert
      resourceGroupName: ${example.name}
      location: ${example.location}
      pfxBlob:
        fn::invoke:
          function: std:filebase64
          arguments:
            input: certificate.pfx
          return: result
      password: password123!

Create Certificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);

@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                resource_group_name: Optional[str] = None,
                app_service_plan_id: Optional[str] = None,
                key_vault_id: Optional[str] = None,
                key_vault_secret_id: Optional[str] = None,
                location: Optional[str] = None,
                name: Optional[str] = None,
                password: Optional[str] = None,
                pfx_blob: Optional[str] = None,
                tags: Optional[Mapping[str, str]] = None)

func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)

public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)

public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)

type: azure:appservice:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var azureCertificateResource = new Azure.AppService.Certificate("azureCertificateResource", new()
{
    ResourceGroupName = "string",
    AppServicePlanId = "string",
    KeyVaultId = "string",
    KeyVaultSecretId = "string",
    Location = "string",
    Name = "string",
    Password = "string",
    PfxBlob = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := appservice.NewCertificate(ctx, "azureCertificateResource", &appservice.CertificateArgs{
	ResourceGroupName: pulumi.String("string"),
	AppServicePlanId:  pulumi.String("string"),
	KeyVaultId:        pulumi.String("string"),
	KeyVaultSecretId:  pulumi.String("string"),
	Location:          pulumi.String("string"),
	Name:              pulumi.String("string"),
	Password:          pulumi.String("string"),
	PfxBlob:           pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var azureCertificateResource = new com.pulumi.azure.appservice.Certificate("azureCertificateResource", com.pulumi.azure.appservice.CertificateArgs.builder()
    .resourceGroupName("string")
    .appServicePlanId("string")
    .keyVaultId("string")
    .keyVaultSecretId("string")
    .location("string")
    .name("string")
    .password("string")
    .pfxBlob("string")
    .tags(Map.of("string", "string"))
    .build());

azure_certificate_resource = azure.appservice.Certificate("azureCertificateResource",
    resource_group_name="string",
    app_service_plan_id="string",
    key_vault_id="string",
    key_vault_secret_id="string",
    location="string",
    name="string",
    password="string",
    pfx_blob="string",
    tags={
        "string": "string",
    })

const azureCertificateResource = new azure.appservice.Certificate("azureCertificateResource", {
    resourceGroupName: "string",
    appServicePlanId: "string",
    keyVaultId: "string",
    keyVaultSecretId: "string",
    location: "string",
    name: "string",
    password: "string",
    pfxBlob: "string",
    tags: {
        string: "string",
    },
});

type: azure:appservice:Certificate
properties:
    appServicePlanId: string
    keyVaultId: string
    keyVaultSecretId: string
    location: string
    name: string
    password: string
    pfxBlob: string
    resourceGroupName: string
    tags:
        string: string

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Certificate resource accepts the following input properties:

ResourceGroupName string: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
AppServicePlanId string: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
KeyVaultId string
KeyVaultSecretId string: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the certificate. Changing this forces a new resource to be created.
Password string: The password to access the certificate's private key. Changing this forces a new resource to be created.
PfxBlob string: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
Tags Dictionary<string, string>

ResourceGroupName string: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
AppServicePlanId string: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
KeyVaultId string
KeyVaultSecretId string: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the certificate. Changing this forces a new resource to be created.
Password string: The password to access the certificate's private key. Changing this forces a new resource to be created.
PfxBlob string: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
Tags map[string]string

resourceGroupName String: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
appServicePlanId String: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
keyVaultId String
keyVaultSecretId String: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the certificate. Changing this forces a new resource to be created.
password String: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfxBlob String: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
tags Map<String,String>

resourceGroupName string: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
appServicePlanId string: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
keyVaultId string
keyVaultSecretId string: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the name of the certificate. Changing this forces a new resource to be created.
password string: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfxBlob string: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
tags {[key: string]: string}

resource_group_name str: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
app_service_plan_id str: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
key_vault_id str
key_vault_secret_id str: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the name of the certificate. Changing this forces a new resource to be created.
password str: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfx_blob str: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
tags Mapping[str, str]

resourceGroupName String: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
appServicePlanId String: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
keyVaultId String
keyVaultSecretId String: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the certificate. Changing this forces a new resource to be created.
password String: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfxBlob String: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
tags Map<String>

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

ExpirationDate string: The expiration date for the certificate.
FriendlyName string: The friendly name of the certificate.
HostNames List<string>: List of host names the certificate applies to.
HostingEnvironmentProfileId string: The ID of the App Service Environment where the certificate is in use.
Id string: The provider-assigned unique ID for this managed resource.
IssueDate string: The issue date for the certificate.
Issuer string: The name of the certificate issuer.
SubjectName string: The subject name of the certificate.
Thumbprint string: The thumbprint for the certificate.

ExpirationDate string: The expiration date for the certificate.
FriendlyName string: The friendly name of the certificate.
HostNames []string: List of host names the certificate applies to.
HostingEnvironmentProfileId string: The ID of the App Service Environment where the certificate is in use.
Id string: The provider-assigned unique ID for this managed resource.
IssueDate string: The issue date for the certificate.
Issuer string: The name of the certificate issuer.
SubjectName string: The subject name of the certificate.
Thumbprint string: The thumbprint for the certificate.

expirationDate String: The expiration date for the certificate.
friendlyName String: The friendly name of the certificate.
hostNames List<String>: List of host names the certificate applies to.
hostingEnvironmentProfileId String: The ID of the App Service Environment where the certificate is in use.
id String: The provider-assigned unique ID for this managed resource.
issueDate String: The issue date for the certificate.
issuer String: The name of the certificate issuer.
subjectName String: The subject name of the certificate.
thumbprint String: The thumbprint for the certificate.

expirationDate string: The expiration date for the certificate.
friendlyName string: The friendly name of the certificate.
hostNames string[]: List of host names the certificate applies to.
hostingEnvironmentProfileId string: The ID of the App Service Environment where the certificate is in use.
id string: The provider-assigned unique ID for this managed resource.
issueDate string: The issue date for the certificate.
issuer string: The name of the certificate issuer.
subjectName string: The subject name of the certificate.
thumbprint string: The thumbprint for the certificate.

expiration_date str: The expiration date for the certificate.
friendly_name str: The friendly name of the certificate.
host_names Sequence[str]: List of host names the certificate applies to.
hosting_environment_profile_id str: The ID of the App Service Environment where the certificate is in use.
id str: The provider-assigned unique ID for this managed resource.
issue_date str: The issue date for the certificate.
issuer str: The name of the certificate issuer.
subject_name str: The subject name of the certificate.
thumbprint str: The thumbprint for the certificate.

expirationDate String: The expiration date for the certificate.
friendlyName String: The friendly name of the certificate.
hostNames List<String>: List of host names the certificate applies to.
hostingEnvironmentProfileId String: The ID of the App Service Environment where the certificate is in use.
id String: The provider-assigned unique ID for this managed resource.
issueDate String: The issue date for the certificate.
issuer String: The name of the certificate issuer.
subjectName String: The subject name of the certificate.
thumbprint String: The thumbprint for the certificate.

Look up Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_service_plan_id: Optional[str] = None,
        expiration_date: Optional[str] = None,
        friendly_name: Optional[str] = None,
        host_names: Optional[Sequence[str]] = None,
        hosting_environment_profile_id: Optional[str] = None,
        issue_date: Optional[str] = None,
        issuer: Optional[str] = None,
        key_vault_id: Optional[str] = None,
        key_vault_secret_id: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        password: Optional[str] = None,
        pfx_blob: Optional[str] = None,
        resource_group_name: Optional[str] = None,
        subject_name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        thumbprint: Optional[str] = None) -> Certificate

func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)

public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)

public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)

resources:  _:    type: azure:appservice:Certificate    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AppServicePlanId string: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
ExpirationDate string: The expiration date for the certificate.
FriendlyName string: The friendly name of the certificate.
HostNames List<string>: List of host names the certificate applies to.
HostingEnvironmentProfileId string: The ID of the App Service Environment where the certificate is in use.
IssueDate string: The issue date for the certificate.
Issuer string: The name of the certificate issuer.
KeyVaultId string
KeyVaultSecretId string: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the certificate. Changing this forces a new resource to be created.
Password string: The password to access the certificate's private key. Changing this forces a new resource to be created.
PfxBlob string: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
ResourceGroupName string: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
SubjectName string: The subject name of the certificate.
Tags Dictionary<string, string>
Thumbprint string: The thumbprint for the certificate.

AppServicePlanId string: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
ExpirationDate string: The expiration date for the certificate.
FriendlyName string: The friendly name of the certificate.
HostNames []string: List of host names the certificate applies to.
HostingEnvironmentProfileId string: The ID of the App Service Environment where the certificate is in use.
IssueDate string: The issue date for the certificate.
Issuer string: The name of the certificate issuer.
KeyVaultId string
KeyVaultSecretId string: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
Location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the name of the certificate. Changing this forces a new resource to be created.
Password string: The password to access the certificate's private key. Changing this forces a new resource to be created.
PfxBlob string: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
ResourceGroupName string: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
SubjectName string: The subject name of the certificate.
Tags map[string]string
Thumbprint string: The thumbprint for the certificate.

appServicePlanId String: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
expirationDate String: The expiration date for the certificate.
friendlyName String: The friendly name of the certificate.
hostNames List<String>: List of host names the certificate applies to.
hostingEnvironmentProfileId String: The ID of the App Service Environment where the certificate is in use.
issueDate String: The issue date for the certificate.
issuer String: The name of the certificate issuer.
keyVaultId String
keyVaultSecretId String: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the certificate. Changing this forces a new resource to be created.
password String: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfxBlob String: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
resourceGroupName String: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
subjectName String: The subject name of the certificate.
tags Map<String,String>
thumbprint String: The thumbprint for the certificate.

appServicePlanId string: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
expirationDate string: The expiration date for the certificate.
friendlyName string: The friendly name of the certificate.
hostNames string[]: List of host names the certificate applies to.
hostingEnvironmentProfileId string: The ID of the App Service Environment where the certificate is in use.
issueDate string: The issue date for the certificate.
issuer string: The name of the certificate issuer.
keyVaultId string
keyVaultSecretId string: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location string: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the name of the certificate. Changing this forces a new resource to be created.
password string: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfxBlob string: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
resourceGroupName string: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
subjectName string: The subject name of the certificate.
tags {[key: string]: string}
thumbprint string: The thumbprint for the certificate.

app_service_plan_id str: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
expiration_date str: The expiration date for the certificate.
friendly_name str: The friendly name of the certificate.
host_names Sequence[str]: List of host names the certificate applies to.
hosting_environment_profile_id str: The ID of the App Service Environment where the certificate is in use.
issue_date str: The issue date for the certificate.
issuer str: The name of the certificate issuer.
key_vault_id str
key_vault_secret_id str: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location str: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the name of the certificate. Changing this forces a new resource to be created.
password str: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfx_blob str: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
resource_group_name str: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
subject_name str: The subject name of the certificate.
tags Mapping[str, str]
thumbprint str: The thumbprint for the certificate.

appServicePlanId String: The ID of the associated App Service plan. Must be specified when the certificate is used inside an App Service Environment hosted App Service or with Basic and Premium App Service plans. Changing this forces a new resource to be created.
expirationDate String: The expiration date for the certificate.
friendlyName String: The friendly name of the certificate.
hostNames List<String>: List of host names the certificate applies to.
hostingEnvironmentProfileId String: The ID of the App Service Environment where the certificate is in use.
issueDate String: The issue date for the certificate.
issuer String: The name of the certificate issuer.
keyVaultId String
keyVaultSecretId String: The ID of the Key Vault secret. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
location String: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the name of the certificate. Changing this forces a new resource to be created.
password String: The password to access the certificate's private key. Changing this forces a new resource to be created.
pfxBlob String: The base64-encoded contents of the certificate. Changing this forces a new resource to be created.
NOTE: Exactly one of key_vault_secret_id or pfx_blob must be specified.
resourceGroupName String: The name of the resource group in which to create the certificate. Changing this forces a new resource to be created.
NOTE: The resource group must be the same as that which the app service plan is defined in - otherwise the certificate will not show as available for the app services.
subjectName String: The subject name of the certificate.
tags Map<String>
thumbprint String: The thumbprint for the certificate.

Import

App Service Certificates can be imported using the resource id, e.g.

$ pulumi import azure:appservice/certificate:Certificate example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Web/certificates/certificate1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi

pulumi/pulumi-azure

azure.appservice.Certificate

On this page

On this page

Example Usage

Create Certificate Resource

Constructor syntax

Parameters

Constructor example

Certificate Resource Properties

Inputs

Outputs

Look up Existing Certificate Resource

Import

Package Details

On this page

On this page