### Terraform Version

```shell
1.14.0
```

### Terraform Configuration Files

Reading content from key vault (storing PFX certificate as b64 string in secrets, and password of cert as well):

```terraform
# Certificate password and base64-encoded PFX are both stored as Key Vault secrets.
# Values read through these data sources are written in plain text to the Terraform state.
data "azurerm_key_vault_secret" "cert-pw" {
  key_vault_id = var.key-vault-id
  name         = "appgw-cert-password"
}

data "azurerm_key_vault_secret" "cert-b64" {
  key_vault_id = var.key-vault-id
  name         = "appgw-cert-secured"
}

module "appgw-public-ip" {
  source             = "../../../modules/Azure/azure-public-ip"
  location           = var.location
  resourcegroup-name = var.resourcegroup-name
  sku                = "Standard"
  name               = "${local.appgw-name}-pip"
}

module "user-assigned-identity" {
  source         = "../../../modules/Azure/azure-user-assigned-identity"
  location       = var.location
  resource-group = var.resourcegroup-name
  name           = "uid-${local.appgw-name}"
}

# Data-plane roles on the vault for the gateway's identity (RBAC-enabled vault).
module "uid-kv-permission" {
  depends_on   = [module.user-assigned-identity]
  source       = "../../../modules/Azure/azure-role-assignment"
  principal-id = module.user-assigned-identity.principal-id
  role-name    = "Key Vault Certificate User"
  scope        = var.key-vault-id
}

module "uid-kv-permission-secret" {
  depends_on   = [module.user-assigned-identity]
  source       = "../../../modules/Azure/azure-role-assignment"
  principal-id = module.user-assigned-identity.principal-id
  role-name    = "Key Vault Secrets User"
  scope        = var.key-vault-id
}

resource "azurerm_application_gateway" "appgw" {
  name                = local.appgw-name
  location            = var.location
  resource_group_name = var.resourcegroup-name

  identity {
    type = "UserAssigned"
    # identity_ids expects the ARM resource ID of the identity (what Azure returns as `id`),
    # not its principal/object ID; verify that the module output carries the resource ID.
    identity_ids = [module.user-assigned-identity.object-id]
  }

  sku {
    capacity = 1
    name     = "Standard_v2"
    tier     = "Standard_v2"
  }

  http_listener {
    host_name                      = ""
    name                           = "https-listener"
    protocol                       = "Https"
    require_sni                    = true
    ssl_certificate_name           = "https-certificate"
    frontend_port_name             = "https"
    frontend_ip_configuration_name = "public"
  }

  # PFX bytes and password are passed inline through the provider; this is the `data`
  # field that the API rejects with ApplicationGatewaySslCertificateDataTooBig below.
  ssl_certificate {
    data     = data.azurerm_key_vault_secret.cert-b64.value
    password = data.azurerm_key_vault_secret.cert-pw.value
    name     = "https-certificate"
  }

  backend_address_pool {
    name  = "pool-${var.backend-app.name}"
    fqdns = [var.backend-app.url]
  }

  backend_address_pool {
    name  = "pool-${var.frontend-app.name}"
    fqdns = [var.frontend-app.url]
  }

  backend_http_settings {
    name                                = "https-${var.frontend-app.name}"
    pick_host_name_from_backend_address = true
    protocol                            = "Https"
    port                                = 443
    path                                = "/"
    cookie_based_affinity               = "Disabled"
  }

  backend_http_settings {
    name                                = "https-${var.backend-app.name}-api"
    pick_host_name_from_backend_address = true
    protocol                            = "Https"
    port                                = 443
    path                                = "/api"
    cookie_based_affinity               = "Disabled"
  }

  backend_http_settings {
    name                                = "https-${var.backend-app.name}-socketio"
    pick_host_name_from_backend_address = true
    protocol                            = "Https"
    port                                = 443
    path                                = "/socket.io"
    cookie_based_affinity               = "Disabled"
  }

  frontend_port {
    name = "https"
    port = 443
  }

  gateway_ip_configuration {
    name      = "default"
    subnet_id = var.subnet-id
  }

  request_routing_rule {
    name               = "https-rule"
    rule_type          = "PathBasedRouting"
    http_listener_name = "https-listener"
    priority           = 100
    url_path_map_name  = "default-map"
  }

  url_path_map {
    name                               = "default-map"
    default_backend_address_pool_name  = "pool-${var.frontend-app.name}"
    default_backend_http_settings_name = "https-${var.frontend-app.name}"

    path_rule {
      backend_address_pool_name  = "pool-${var.backend-app.name}"
      backend_http_settings_name = "https-${var.backend-app.name}-api"
      name                       = "api-backend-rule"
      paths                      = ["/api/*"]
    }

    path_rule {
      backend_address_pool_name  = "pool-${var.backend-app.name}"
      backend_http_settings_name = "https-${var.backend-app.name}-socketio"
      name                       = "socketio-backend-rule"
      paths                      = ["/socketio/*"]
    }
  }

  frontend_ip_configuration {
    name                 = "public"
    public_ip_address_id = module.appgw-public-ip.public-ip-id
  }
}
```

### Debug Output

Azure application gateway SSL certificate installation fails continuously with error:

```
Application Gateway Name: ""): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: ApplicationGatewaySslCertificateDataTooBig: Data too big for certificate /subscriptions//resourceGroups//providers/Microsoft.Network/applicationGateways//sslCertificates/. Max data length supported is 16384.
```

Validated size of base64 content, and it is around 8K.

### Expected Behavior

It should apply with an 8K certificate. It also should not have a size limit for certificates. If a certificate chain is long, its size can be higher. Why does this part have a size limit at all?

### Actual Behavior

Drops the error message:

```
Application Gateway Name: ""): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: ApplicationGatewaySslCertificateDataTooBig: Data too big for certificate /subscriptions//resourceGroups//providers/Microsoft.Network/applicationGateways//sslCertificates/. Max data length supported is 16384.
```

### Steps to Reproduce

1. Put a PFX certificate and its password into key vault as secrets (base64 encoded).
2. During deployment, read these values as data.
3. Give these values to the resource module or to the resource.

### Additional Context

_No response_

### References

_No response_

### Generative AI / LLM assisted development?

_No response_
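As an added example that is not part of the reporter's configuration or of the provider: the same gateway with the certificate referenced through `key_vault_secret_id` instead of passing the PFX bytes and password inline as `data`/`password`. The gateway's user-assigned identity then fetches the certificate from Key Vault itself, so the certificate and its password never pass through the provider call or land in Terraform state. It assumes the PFX has been imported into the vault as a Key Vault certificate object named `appgw-cert` (an assumed name), that the vault uses Azure RBAC for data-plane authorization, and it uses plain `azurerm_*` resources in place of the reporter's local modules; `var.*` and `local.appgw-name` are taken from the reporter's configuration, and the backend `var.backend-app` is reduced to a single pool to keep the example short.

```hcl
# Added example, not the reporter's code. Assumptions: a Key Vault *certificate* object
# named "appgw-cert" exists in var.key-vault-id, the vault is RBAC-enabled, and the
# variables/locals used by the reporter's configuration are defined.

data "azurerm_key_vault_certificate" "appgw" {
  name         = "appgw-cert" # assumed certificate object name
  key_vault_id = var.key-vault-id
}

resource "azurerm_user_assigned_identity" "appgw" {
  name                = "uid-${local.appgw-name}"
  location            = var.location
  resource_group_name = var.resourcegroup-name
}

# Reading the certificate's backing secret is the only permission the gateway needs.
resource "azurerm_role_assignment" "appgw_kv_secrets" {
  scope                = var.key-vault-id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_user_assigned_identity.appgw.principal_id
}

resource "azurerm_public_ip" "appgw" {
  name                = "${local.appgw-name}-pip"
  location            = var.location
  resource_group_name = var.resourcegroup-name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_application_gateway" "appgw" {
  name                = local.appgw-name
  location            = var.location
  resource_group_name = var.resourcegroup-name

  # The role assignment must exist before the gateway tries to pull the certificate.
  depends_on = [azurerm_role_assignment.appgw_kv_secrets]

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.appgw.id] # resource ID, not principal ID
  }

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 1
  }

  ssl_certificate {
    name = "https-certificate"
    # No data/password here: the gateway reads the PFX from Key Vault with its identity.
    # The versionless ID lets the gateway pick up renewed versions by polling the vault;
    # use `secret_id` instead to pin one version.
    key_vault_secret_id = data.azurerm_key_vault_certificate.appgw.versionless_secret_id
  }

  frontend_port {
    name = "https"
    port = 443
  }

  frontend_ip_configuration {
    name                 = "public"
    public_ip_address_id = azurerm_public_ip.appgw.id
  }

  gateway_ip_configuration {
    name      = "default"
    subnet_id = var.subnet-id
  }

  http_listener {
    name                           = "https-listener"
    protocol                       = "Https"
    require_sni                    = true
    ssl_certificate_name           = "https-certificate"
    frontend_port_name             = "https"
    frontend_ip_configuration_name = "public"
  }

  backend_address_pool {
    name  = "pool-${var.backend-app.name}"
    fqdns = [var.backend-app.url]
  }

  backend_http_settings {
    name                                = "https-${var.backend-app.name}"
    pick_host_name_from_backend_address = true
    protocol                            = "Https"
    port                                = 443
    cookie_based_affinity               = "Disabled"
  }

  request_routing_rule {
    name                       = "https-rule"
    rule_type                  = "Basic"
    priority                   = 100
    http_listener_name         = "https-listener"
    backend_address_pool_name  = "pool-${var.backend-app.name}"
    backend_http_settings_name = "https-${var.backend-app.name}"
  }
}
```

Two checks worth making before applying: confirm the secret the data source resolves to is the certificate's own backing secret (it is exported as `secret_id` / `versionless_secret_id` on the certificate data source, not a secret you created by hand), and confirm the vault's firewall allows the gateway to reach it, since the fetch now happens from the gateway rather than from the machine running `terraform apply`.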