API Management uses current certificates

Reliability · API Management · Rule · 2020_06 · Important

Renew certificates used for custom domain bindings.

Description

When custom domains are configured within an API Management service. A certificate must be assigned to allow traffic to be transmitted using TLS.

Each certificate has an expiry date, after which the certificate is not valid. After expiry, client connections to the API Management service will reject the certificate.

Recommendation

Consider renewing certificates before expiry to prevent service issues.

Notes

By default, this rule fails when certificates have less than 30 days remaining before expiry.

Rule configuration

AZURE_APIM_MINIMUM_CERTIFICATE_LIFETIME

By default, this rule fails if the days before a configured certificate expires is less than 30 days. To configure this rule, override the AZURE_APIM_MINIMUM_CERTIFICATE_LIFETIME configuration value with the minimum number of days until expiry.

Links

• RE:04 Target metrics
• Configure a custom domain name
• Azure deployment reference

Comments