Skip to content

API Management uses current certificates#

Operational Excellence · API Management · Azure.APIM.CertificateExpiry

Renew certificates used for custom domain bindings.

Description#

When custom domains are configured within an API Management service. A certificate must be assigned to allow traffic to be transmitted using TLS.

Each certificate has an expiry date, after which the certificate is not valid. After expiry, client connections to the API Management service will reject the certificate.

Recommendation#

Consider renewing certificates before expiry to prevent service issues.

Notes#

By default, this rule fails when certificates have less than 30 days remaining before expiry.

To configure this rule:

  • Override the Azure_MinimumCertificateLifetime configuration value with the minimum number of days until expiry.

Last update: 2021-09-24