Import SSL certificates

Import SSL certs to establish secure access to the DuploCloud Portal
Establish secure access to the DuploCloud portal by importing SSL certificates, and creating and configuring the certificates in DuploCloud.
If you haven't already done so, contact the DuploCloud support staff via email or by using your private Slack channel. They will provide you with everything you need to accomplish this task and assist you with other needed prerequisites to set up DuploCloud for Azure.


Generating the PFX file

Because Azure supports only PFX files for SSL certificates, you must convert the CRT file that DuploCloud provides you to PFX format.
To do this, enter the following using the command line:
openssl pkcs12 -export -out certificate.pfx -inkey <CERTIFICATE_PRIVATE_KEY>.key -in <SECURITY_CERTIFICATE_FILE>.crt -certfile <CERTIFICATE_BUNDLE>.crt
When running this command, you will be asked for a password to protect the PFX file. Note this password and store it in a secure place as you will need to provide it when importing the certificate to Azure KeyVault.
Password prompt when converting CRT file to PFX format

Importing SSL certificates to Azure

After you generate the PFX file, sign in to the Azure Portal and access Azure Key Vault.
  1. 1.
    Select the respective Azure Key Vault for your environment (for example, production versus test) to import the PFX file as shown below.
    Azure Key Vaults in the Azure Portal
  2. 2.
    In Azure Key Vault, navigate to Objects -> Certificates and click Generate/Import.
    Generate/Import option in Azure Key Vault
  3. 3.
    When you click Generate/Import, the Create a Certificate form displays. In the Method of Certificate Creation field, select Import.
  4. 4.
    Name the Certificate, using the Certificate Name field.
  5. 5.
    Browse for a file to upload, using the Upload Certificate File field.
  6. 6.
    In the Password field, enter the password you set when you generated the PFX file.
    Create a Certificate form in Azure Key Vault
  7. 7.
    Click Create. Even though the certificate is created, notice that the certificate is not yet successfully imported into the vault, as indicated by the No certificates available message, as shown below. To import the certificate, you must obtain the Secret Identifier ARN of this certificate and then configure it in DuploCloud.
    No certificates available message in Azure Key Vault
  8. 8.
    On the Certificates page, select the certificate from the list, and open the CURRENT VERSION of the certificate, as shown below, to obtain the Secret Identifier.
    CURRENT VERSION of certificate
  9. 9.
    In the Certificate Version form, copy the Secret Identifier using the Copy Icon (
You will paste the ARN when you configure the certificate in DuploCloud.
Certificate Version form with Secret Identifier field

Configuring the SSL Certificate in DuploCloud

With the Secret Identifier in your Clipboard, you are now ready to configure the certificate in the DuploCloud Portal and
  1. 1.
    In the DuploCloud Portal, navigate to Administrator -> Plans.
  2. 2.
    Select the Plan to which you want to add the certificate from the Name column. The Plans page displays.
    Plans page in DuploCloud Portal
  3. 3.
    Click the Certificates tab.
    Certificates tab on the Plan page
  4. 4.
    Click Add. The Add a Certificate pane displays.
    Add a Certificate pane
  5. 5.
    Enter a Name for the certificate.
  6. 6.
    Paste the Secret Identifier that you obtained from the Azure Portal (it should be in your Clipboard) into the Certificate ARN field.
  7. 7.
    Click Create.

Using the SSL Certificate for Ingress in DuploCloud

Before attaching certificates with K8S Ingress in the DuploCloud Portal, create and configure an azure-application-gateway.
If you use Kubernetes Ingress, you can attach the certificate to the appropriate DuploCloud service in the DuploCloud portal by using the AKS / Native K8S Ingress option.
  1. 1.
    In the DuploCloud Portal, navigate to DevOps -> Containers -> AKS / Native.
  2. 2.
    Click the K8S Ingress tab. On the Ingress page, select the Ingress instance for the azure- application-gateway.
  3. 3.
    Click the Ingress Rules tab.
  4. 4.
    From the Actions menu, select Edit.
    Ingress Rules tab
  5. 5.
    On the Edit Kubernetes Ingress page, select the certificate that you want to attach from the Certificate ARN list box.
    Edit Kubernetes Ingress page
  6. 6.
    Click Update.
The certificate is attached to the Ingress application gateway and is available to the service.