Updating Resource Group references for Azure Key Vault and App Service Certificate.

Created a wild card SSL certificate in the Azure Portal. The process was very painless and this tutorial online describes the process in great detail.

Just on update from me on it is that you'll have to wait a little longer after the cert is available in the App Service Certificate like 5-10 minutes and then you can add the cert to your web app via the Web App SSL Blade in the Azure Portal.

If you move your App Service Certificate or the associate Key Vault from one resource group to another, you will be prevented.

However, if you unbind the cert and then move both the cert and the key store, you can move them to a new resource group. This time however, even though the cert will be populated in the SSL Blade of the Web App, you will not be able to rebind them, even though the cert has been populated in the SSL Blade.

Turns out the issue is related to a stale reference within the Key Vault pointing to the certificate reference that needs to be updated. Here are the steps you should use to update the reference.

Run from PowerShell:

Login-AzureRmAccount
Set-AzureRmContext -SubscriptionId {your subscription id} $resourceProperties = @{"KeyVaultId"="/subscriptions/{your subscription id}/resourceGroups/{your resource group where the key value is}/providers/Microsoft.KeyVault/vaults/{your vault name}" "KeyVaultSecretName"="{your vault secret key}"};`

New-AzureRmResource -Location "global" -Properties $resourceProperties -ResourceName "{resource name with the cert}" -ResourceType "microsoft.CertificateRegistration/certificateOrders/certificates" -ResourceGroupName "{your resource group where the cert is located}" -Force

After this the key vault reference should be updated to reflect your resource group layout and you should now be able to rebind the existing certificate with your Web App in the SSL Blade, located in the Web App Blade.