Certificates

When a track is created it is default equipped with a self-signed certificate stored in Cosmos DB, called a contained certificate. The certificate can afterword's be updated / changed and likewise the certificate container type can be changed.

There are tree different certificate container types:

Contained certificates (default)

• Certificates is stored in Cosmos DB including private key.
• Self-signed certificates is created by FoxIDs or you can upload your one certificates.
• Support primary and secondary certificates, and certificate swap.
• Not automatically renewed.
• No cost per signing.

Key Vault, renewed self-signed certificates

• Certificates is stored in Key Vault and the private key is not exportable.
• Self-signed certificates is created by Key Vault.
• Automatically renewed with 3 month validity period. Renewed 10 days before expiration and exposed as the secondary certificate. Promoted to be the primary certificate 5 days before expiration.
• Key Vault cost per signing.

Key Vault, upload your one certificate (future support)

• Certificates is stored in Key Vault and the private key is not exportable.
• Not automatically renewed.
• Key Vault cost per signing.