I have a function app which calls another API with a certificate. This certificate (.pfx) file is already present in the key vault. I am using below ARM template to import the certificate to SSL settings of the function app. Note: the function app gets deployed fine when I remove section "hostNameSslStates". But after adding it, I get - "Code": "Conflict", "Message": "The certificate with thumbprint 'XXXXXXXX' does not match the hostname
'blobcreate-eventgridtrigger-functionapp.azurewebsites.net'."
ARM Template resources section- ` "resources": [
//StorageAccount { "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2019-06-01", "name": "[parameters('storageAccounts_name')]", "location": "[resourceGroup().location]", "sku": { "name": "[parameters('storageSKU')]", "tier": "Standard" }, "kind": "StorageV2", "properties": { "networkAcls": { "bypass": "AzureServices", "virtualNetworkRules": [], "ipRules": [], "defaultAction": "Allow" }, "supportsHttpsTrafficOnly": true, "encryption": { "services": { "file": { "keyType": "Account", "enabled": true }, "blob": { "keyType": "Account", "enabled": true } }, "keySource": "Microsoft.Storage" }, "accessTier": "Hot" } }, //BlobService { "type": "Microsoft.Storage/storageAccounts/blobServices", "apiVersion": "2019-06-01", "name": "[variables('blobServiceName')]", "dependsOn": ["[variables('storageAccountResourceId')]"], "sku": { "name": "[parameters('storageSKU')]"//, // "tier": "Standard" }, "properties": { "cors": { "corsRules": [] }, "deleteRetentionPolicy": { "enabled": false } } }, //function app with server farm //cert store access policies update- { "type": "Microsoft.KeyVault/vaults", "name": "testARMTemplateKeyVault", "apiVersion": "2016-10-01", "location": "[resourceGroup().location]", "properties": { "sku": { "family": "A", "name": "standard" }, "tenantId": "c29678d0-eceb-4df2-a225-79cf795a6b64", "accessPolicies": [ { "tenantId": "tenantIdOfSubscription", //obtained from Get-AzTenant "objectId": "objectid of Microsoft Azure App Service", //obtained from Get-AzADServicePrincipal "permissions": { "keys": [ "Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore" ], "secrets": [ "Get", "List", "Set", "Delete", "Recover", "Backup", "Restore" ], "certificates": [ "Get", "List", "Update", "Create", "Import", "Delete", "Recover", "ManageContacts", "ManageIssuers", "GetIssuers", "ListIssuers", "DeleteIssuers" ], "storage": [] } } ], "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": true, "enableSoftDelete": true } }, { "type": "Microsoft.Web/serverfarms", "apiVersion": "2018-02-01", "name": "[variables('azurefunction_hostingPlanName')]", "location": "[resourceGroup().location]", "sku": { "name": "Y1", "tier": "Dynamic" }, "properties": { "name": "[variables('azurefunction_hostingPlanName')]", "computeMode": "Dynamic" } }, { "type": "Microsoft.Web/certificates", "name": "testingcert", "apiVersion": "2016-03-01", "location": "[resourceGroup().location]", "properties": { "keyVaultId": "[resourceId('Microsoft.KeyVault/vaults', 'testARMTemplateKeyVault')]", "keyVaultSecretName": "testingcert", "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('azurefunction_hostingPlanName'))]" } }, { "apiVersion": "2018-11-01", "type": "Microsoft.Web/sites", "name": "[parameters('functionAppName')]", "location": "[resourceGroup().location]", "kind": "functionapp", "dependsOn": [ "[variables('azureFunction_serverFarmResourceId')]", "[variables('storageAccountResourceId')]", "[resourceId('Microsoft.Web/certificates', 'testingcert')]" ], "properties": { "serverFarmId": "[variables('azureFunction_serverFarmResourceId')]", "siteConfig": { "appSettings": [ { "name": "AzureWebJobsStorage", "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccounts_name'), ';AccountKey=', listKeys(variables('storageAccountResourceId'),variables('storageAccountApiVersion')).keys[0].value)]" }, { "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING", "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccounts_name'), ';AccountKey=', listKeys(variables('storageAccountResourceId'),variables('storageAccountApiVersion')).keys[0].value)]" }, { "name": "WEBSITE_CONTENTSHARE", "value": "[toLower(parameters('functionAppName'))]" }, { "name": "FUNCTIONS_EXTENSION_VERSION", "value": "~2" }, { "name": "WEBSITE_NODE_DEFAULT_VERSION", "value": "~10" }, { "name": "APPINSIGHTS_INSTRUMENTATIONKEY", "value": "[reference(resourceId('microsoft.insights/components/', parameters('functionApp_applicationInsightsName')), '2015-05-01').InstrumentationKey]" }, { "name": "FUNCTIONS_WORKER_RUNTIME", "value": "dotnet" }, { "name": "WEBSITE_LOAD_CERTIFICATES", "value": "required certificate thumprint" } ] }, "hostNameSslStates": [ { "name": "blobcreate-eventgridtrigger-functionapp.azurewebsites.net",//obtained from custom domains flatform features of the function app "sslState": "SniEnabled", "thumbprint": "[reference(resourceId('Microsoft.Web/certificates', 'testingcert')).Thumbprint]", "toUpdate": true } ] } } ]` 
