Hello @Gregorio Montaño,
Thank you for the update.
I understand that you would like to integrate your Application Gateway with Key Vault for certificate management and would like to know how to implement the same without any downtime.
I discussed this requirement with the backend team and below is the update from their end:
If you rotate certificates in Key Vault, Application Gateway will automatically pick up the change after 4 hours: TLS termination with Azure Key Vault certificates | Microsoft Learn
If you need centralized certificate management for your backend services, Key Vault would be the way to go as well. However, management of your backend services needs to be done by you manually; there is nothing Application Gateway does to manage certificate management for the backend service.
Refer: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal#import-a-certificate-from-key-vault
Application Gateway Frontend -> Server Backend traffic is an independent configuration from Client -> Application Gateway Frontend; thus either order in changing the certificate is fine as long as proper configuration is maintained for both scenarios.
However, as I mentioned before, there could be some impact while making the configuration changes with Key Vault or misconfiguration.
Refer: https://learn.microsoft.com/en-us/azure/application-gateway/key-vault-certs#investigating-and-resolving-key-vault-errors
Kindly let us know if the above helps or you need further assistance on this issue.