# Import SSL Certificates Establish secure access to the DuploCloud portal by importing SSL certificates and configuring them within DuploCloud. {% hint style="warning" %} If you haven't already done so, contact the DuploCloud support staff via email or by using your private Slack channel. They will provide you with everything you need to accomplish this task and assist you with other needed prerequisites to set up DuploCloud for Azure. {% endhint %} ## Prerequisites * **Contact DuploCloud support**: Contact DuploCloud staff via email or your private Slack channel to request the following for SSL certificate setup and configuration: * Security Certificate (`.crt`) file * Certificate Private Key * Certificate Bundle (`.crt`) containing the Intermediate and Root Certificates. You can download the Certificate Bundle from . ## 1. Generating the PFX File Because Azure supports only PFX files for SSL certificates, you must convert the CRT file that DuploCloud provides you to PFX format. To do this, enter the following using the command line: ```bash openssl pkcs12 -export -out certificate.pfx -inkey .key -in .crt -certfile .crt ``` {% hint style="warning" %} When running this command, you will be prompted to create a password. Save it securely; you'll need it when importing the certificate to Azure KeyVault. {% endhint %}

Password prompt when converting CRT file to PFX format

## 2. Importing SSL Certificates to Azure Key Vault After you generate the PFX file, import it to Azure Key Vault: 1. Sign in to the Azure Portal and access Azure Key Vault. 2. Select the respective Azure Key Vault for your environment (for example, production versus test) to import the PFX file as shown below.

3. In Azure Key Vault, navigate to **Objects** -> **Certificates**.

**Generate/Import** option in Azure Key Vault

4. Click **Generate/Import**. The **Create a Certificate** form displays. 5. In the **Method of Certificate Creation** field, select **Import**. 6. Name the Certificate in the **Certificate Name** field. 7. Upload the PFX file using the **Upload Certificate File** field. 8. In the **Password** field, enter the password you set when you [generated the PFX file](#id-1.-generating-the-pfx-file).

**Create a Certificate** form in Azure Key Vault

9. Click **Create**. The certificate is created, but not yet available for use, as indicated by the message: **There are no certificates available** message. In the remaining steps, we will complete the import by copying the certificate’s Secret Identifier ARN and configuring it in DuploCloud.

**There are no certificates available** message in Azure Key Vault

10. On the **Certificates** page, select the certificate and open its **current version**.

11. Copy the **Secret Identifier** using the Copy Icon (![](/files/35aHwk1zy6rCwtQd2Dn2)). You will paste it when you [configure the certificate in DuploCloud](#configuring-the-certificate-in-duplocloud) in the next step.

**Certificate Version** form with **Secret Identifier** field and copy icon highlighted

## 3. Configuring the SSL Certificate in DuploCloud With the Secret Identifier copied to your clipboard, you are ready to configure the certificate in the DuploCloud Portal: 1. In the DuploCloud Portal, navigate to **Administrator** -> **Plans**. 2. Select the Plan to which you want to add the certificate from the **NAME** column. The **Plan** details page displays. 3. Select the **Certificates** tab.

**Certificates** tab on the **Plan** page

4. Click **Add**. The **Add a Certificate** pane displays.

5. Enter a **Name** for the certificate. 6. Paste the Secret Identifier you copied from the Azure Portal into the **Certificate ARN** field. 7. Click **Create**. ## 4. Using the SSL Certificate for Ingress in DuploCloud (Optional) Before attaching SSL certificates to a Kubernetes Ingress resource in DuploCloud, ensure an [Azure Application Gateway](/docs/automation-platform/kubernetes-overview/ingress-loadbalancer/aks-ingress/using-an-azure-application-gateway-ssl-policy-with-ingress.md) is already created and configured. Once the Application Gateway is set up, you can attach the certificate to an Ingress resource: 1. In the DuploCloud Portal, navigate to **Kubernetes** -> **Ingress**. 2. Locate the Ingress associated with the Azure Application Gateway. Click the menu icon (

) on that row and select **Edit**. The **Edit Kubernetes Ingress** pane displays. 3. Select the certificate from the **Certificate ARN** dropdown.

5. Click **Update**. The SSL certificate is now attached to the Ingress and will be used by the Application Gateway for HTTPS traffic. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.duplocloud.com/docs/automation-platform/overview-2/prerequisites/import-ssl-certificates.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.