In most cases, using a CDN Managed certificate with Azure CDN is the best route. Sometimes (for various reasons), the requirement to use an imported certificate arises. This is the “Use my own certificate” option in Azure CDN.
This will be my shortest post to date. My only goal is to document a strange behavior and share it with others who may encounter the same thing.
In brief, Azure Keyvault supports importing both PEM and PFX (pkcs12) certificate bundles. However, Azure CDN only supports PFX. If you attempt to apply a PEM formatted certificate to Azure CDN (from your Key Vault), you will receive the following error:
Failed to update custom domain properties The secret contains an unsupported content type. The content type needs to be application/x-pkcs12.
Or in context:
To fix this, simply use a pkcs12 (PFX) certificate bundle instead. You can convert your PEM certificate to PFX relatively easily using OpenSSL:
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile chain.crt
I hope this saves someone with a similar scenario a little time.