2

I am trying to configure Azure Application Gateway. I provided a .pfx file for the HTTPS listener configuration, but when I tried to create the Azure Application Gateway, I got the error below:

    {
      "code": "InvalidTemplateDeployment",
      "message": "The template deployment 'Microsoft.ApplicationGateway-20210324165226' is not valid according to the validation procedure. The tracking id is '808d9e19-ad0c-4a8a-a09f-df7c0bc38399'. See inner errors for details.",
      "details": [
        {
          "code": "ApplicationGatewaySslCertificateDataTooBig",
          "message": "Data too big for certificate /subscriptions/yyy/resourceGroups/xxx-resources/providers/Microsoft.Network/applicationGateways/app-gateway/sslCertificates/my-pfx. Max data length supported is 16384.",
          "details": []
        }
      ]
    }

Could anyone help here?

Suraj Rao
Ast

1 Answer

0

I came across a similar problem trying to upload to Azure Application Gateway a 14209-byte .pfx file containing a 4096-bit key and the root and intermediate certificates. The upload was refused with the following error:

Failed to save configuration changes to application gateway: Data too big for certificate. Max data length supported is 16384.

After removing the root and intermediate certificates from the .pfx file, the file size decreased to 9793 bytes and the upload to Azure Application Gateway succeeded. TLS works as expected.

My conclusion: there is no limitation on the key size itself, but there is a .pfx file size limit.

David Le Borgne
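
The fix described in the answer above (rebuilding the .pfx without the root and intermediate certificates), sketched with the OpenSSL CLI as an added example that is not part of the original answer. Function and file names are hypothetical, and the size check assumes the 16384 limit applies to the base64-encoded certificate data, which the page does not state but which matches both file sizes reported in the answer.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). File names are placeholders.
MAX_LEN=16384   # "Max data length supported" from the error message

# b64_len BYTES: length of BYTES of binary data after base64 encoding.
b64_len() { echo $(( ($1 + 2) / 3 * 4 )); }

# fits_limit BYTES: succeeds if the base64 form fits within MAX_LEN.
# ASSUMPTION: the limit is applied to the base64-encoded data; the page
# does not say so, but it matches both file sizes reported in the answer.
fits_limit() { [ "$(b64_len "$1")" -le "$MAX_LEN" ]; }

# cert_count PFX PASSWORD: number of certificates stored in the PFX.
cert_count() {
  PFX_PW="$2" openssl pkcs12 -in "$1" -passin env:PFX_PW -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# slim_pfx SRC DST PASSWORD: write DST with only the private key and the
# leaf certificate from SRC, dropping root and intermediate certificates.
slim_pfx() {
  local src=$1 dst=$2 tmp rc
  export PFX_PW="$3"
  tmp=$(mktemp -d) || return 1
  # -clcerts: only the certificate that belongs to the private key
  openssl pkcs12 -in "$src" -passin env:PFX_PW -clcerts -nokeys \
      -out "$tmp/leaf.pem" 2>/dev/null &&
  # -nocerts -nodes: private key only, unencrypted, inside the 0700 temp dir
  openssl pkcs12 -in "$src" -passin env:PFX_PW -nocerts -nodes \
      -out "$tmp/key.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/leaf.pem" \
      -passout env:PFX_PW -out "$dst"
  rc=$?
  rm -rf "$tmp"; unset PFX_PW
  return $rc
}

# Usage (placeholder file names):
#   slim_pfx full.pfx slim.pfx "$PFX_PASSWORD"
#   fits_limit "$(wc -c < slim.pfx)" && echo "should fit" || echo "still too big"
```

On OpenSSL 3.x, a .pfx written with older algorithms may need `-legacy` added to the two commands that read it.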