"Failed to create the secret" error in Azure Front Door

Anonymous
2024-06-05T12:41:08.1033333+00:00

Hello, currently I'm trying to assign my storage account's static website an Azure Front Door instance with a custom URL. This way, when someone accesses the custom domain associated with the front door instance, they'll access my static website. I've created a key vault and uploaded the certificate into the key vault for the custom domain. When I navigate to the "Secrets" blade in the Azure Front Door and CDN profile and try to add the certificate to Front Door, I receive the below error:

"Failed to create the secret '_'. Error: Customer key vault returned error that we do not recognize, please check the status of provided key vault."

How would I go about fixing this issue?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,171 questions
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
622 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,863 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,575 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vlad Costa 780 Reputation points
    2024-06-06T07:11:06.58+00:00

    The error message typically indicates that Azure Front Door doesn’t have the necessary permissions to access the secret in your Key Vault. Here are some steps you can follow to resolve this issue:

    1. Register Azure Front Door: Register the service principal for Azure Front Door as an app in your Microsoft Entra ID (Azure AD) using Azure PowerShell or the Azure CLI. The Application Id is 205478c0-bd83-4e1b-a9d6-db63a3e1e1c8.
    2. Grant Azure Front Door access to your key vault: In your key vault account, select Access policies and create a new access policy with Get Secret & Certificate permissions to allow Front Door to retrieve the certificate. In Select Principal, search for 205478c0-bd83-4e1b-a9d6-db63a3e1e1c8, and select Microsoft.AzureFrontDoor-Cdn.

    If you’ve already done these steps and are still encountering the issue, it might be worth trying them again.

    If you find this response helpful and it resolves your issue, please consider marking it as “Accepted” or giving it an upvote. This will help others in the community find the solution more easily.

    0 comments