Certificate services in Azure Key Vault

Solution
One recurring problem in IT is that services and systems stop working because an SSL certificate has expired. In a perfect world we would have auto-renewal everywhere with automatic rotation. Unfortunately, this is not the case.
One solution is to keep all your certificates stored in an Azure Key Vault. When you upload a certificate, the key vault keeps tabs on its expiration date for you.
We will configure the issuance policy settings so that we are notified X days before a certificate expires. Once this is done, we will configure a certificate contact for the key vault; this could be your support email.
This way we can avoid disruptions caused by expired SSL certificates.
Setup
1. Create a resource group
az group create -n <RG Name> -l <location>
2. Create a key vault
az keyvault create --name <KV name> -g <RG Name> -l <location>
3. Upload a certificate to the Key Vault & configure issuance policies
4. Issuance policy and expiry reminder settings
5. Add a certificate contact through PowerShell
Add-AzKeyVaultCertificateContact -VaultName <vaultname> -EmailAddress <contact@email.com>
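Steps 3 to 5 can also be done from the Azure CLI. The script below is an added example, not part of the original post: the function names and the PFX_PASSWORD variable are hypothetical, the policy field names follow the JSON printed by `az keyvault certificate get-default-policy`, and the issuer "Unknown" assumes a certificate issued by a CA that Key Vault does not renew itself.

```shell
# Added example, not from the original post. Function names and the
# PFX_PASSWORD variable are hypothetical; vault, certificate, file and
# e-mail values are supplied by the caller.

# Print a policy whose only lifetime action e-mails the vault's certificate
# contacts DAYS days before expiry (the "X days" of the issuance policy).
kv_notify_policy() {
  local days=$1
  case $days in
    ''|0*|*[!0-9]*) echo "days must be a positive integer" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "issuerParameters": { "name": "Unknown" },
  "secretProperties": { "contentType": "application/x-pkcs12" },
  "lifetimeActions": [
    {
      "action": { "actionType": "EmailContacts" },
      "trigger": { "daysBeforeExpiry": $days }
    }
  ]
}
EOF
}

# Import a PFX with the reminder policy, then register the contact that
# receives the expiry e-mail. The PFX password is read from PFX_PASSWORD so
# it does not have to be typed as a positional argument.
kv_import_with_reminder() {
  local vault=$1 name=$2 pfx=$3 days=$4 email=$5 policy rc
  policy=$(mktemp) || return 1
  kv_notify_policy "$days" > "$policy" || { rm -f "$policy"; return 1; }
  az keyvault certificate import --vault-name "$vault" --name "$name" \
    --file "$pfx" ${PFX_PASSWORD:+--password "$PFX_PASSWORD"} \
    --policy "@$policy"
  rc=$?
  rm -f "$policy"
  [ "$rc" -eq 0 ] || return "$rc"
  az keyvault certificate contact add --vault-name "$vault" --email "$email"
}

# Usage (placeholders as in the steps above):
#   kv_import_with_reminder <KV name> <cert name> cert.pfx 30 <contact@email.com>
```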