Updating The Azure PaaS Orchestrator Certificate

How to update the certificate for the Orchestrator deployed on an Azure PaaS instance?

To update the certificate for the Azure Orchestrator, follow the steps below:

Step 1: Update the Orchestrator app service

  1. Open the Orchestrator app service and navigate to the "TLS/SSL settings" as shown below
  2. Click on the "Private Key Certificates (.pfx)" tab and click on the "Upload Certificate" option
  3. Upload the latest certificate here

Step 2: Update the Identity app service (For versions 2020.4+ where the Orchestrator is integrated with the Identity Server)

  1. If the app service plan is different for the Orchestrator and Identity app services, then the certificate and its chain should also be added to the Identity app service, following the same instructions given in step 1. Validate that the certificate is available and valid.
  2. Identity Server app service configuration essentially needs to match the new certificate's thumbprint. Copy the "Thumbprint" for the new certificate.
  3. Open the Identity Server app service and navigate as follows: "Configuration --> Application Settings"
  4. Look for the following keys under the app settings and update them with the updated certificate thumbprint:
    • AppSettings__SigningCredentialSettings__StoreLocation__Name
    • WEBSITE_LOAD_CERTIFICATES

  5. Restart the Azure app service.



This concludes the certificate update for the Azure Orchestrator.

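A check for step 2, as an added example that is not part of the original post or of UiPath's tooling: it confirms that both Identity Server settings carry the new certificate's thumbprint and flags a value that only matches once stray copy-and-paste characters are removed. It assumes the settings were exported as a JSON list of name/value objects (the shape `az webapp config appsettings list` prints); `thumbprint` and `find_issues` are hypothetical names, the case-insensitive comparison is an assumption, and the sample data is constructed.

```python
import hashlib
import json
import re

# The two Identity Server app settings named in step 2 of the post.
SIGNING_KEY = "AppSettings__SigningCredentialSettings__StoreLocation__Name"
LOAD_KEY = "WEBSITE_LOAD_CERTIFICATES"


def thumbprint(der: bytes) -> str:
    """SHA-1 of the DER-encoded certificate, as upper-case hex."""
    return hashlib.sha1(der).hexdigest().upper()


def find_issues(settings_json: str, new_thumb: str) -> list:
    """Return a list of problems; an empty list means both settings match."""
    settings = {s["name"]: s["value"] for s in json.loads(settings_json)}
    want = new_thumb.upper()  # assumption: thumbprints are compared ignoring case
    issues = []
    for key in (SIGNING_KEY, LOAD_KEY):
        if key not in settings:
            issues.append(f"{key}: setting is missing")
            continue
        raw = settings[key]
        if key == LOAD_KEY and raw.strip() == "*":
            continue  # "*" makes every certificate of the app loadable
        # WEBSITE_LOAD_CERTIFICATES may hold a comma-separated list.
        entries = raw.split(",") if key == LOAD_KEY else [raw]
        if want in (e.upper() for e in entries):
            continue
        # Same hex digits but extra characters: a copy-and-paste artifact
        # (spaces, colons, an invisible direction mark).
        if want in (re.sub(r"[^0-9A-F]", "", e.upper()) for e in entries):
            issues.append(f"{key}: thumbprint present but with stray characters")
        else:
            issues.append(f"{key}: still points at another certificate")
    return issues


# Constructed sample data: stand-in bytes instead of real certificates.
NEW = thumbprint(b"constructed stand-in for the renewed certificate")
OLD = thumbprint(b"constructed stand-in for the expired certificate")
SAMPLE = json.dumps([
    {"name": SIGNING_KEY, "value": "\u200e" + NEW, "slotSetting": False},
    {"name": LOAD_KEY, "value": f"{OLD},{NEW}", "slotSetting": False},
])

if __name__ == "__main__":
    for line in find_issues(SAMPLE, NEW) or ["both settings match"]:
        print(line)
```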

Regarding step no. 5 above: once you have made any modification, the Azure app service will restart automatically. This is the actual Microsoft design, so you do not need to reset the app service manually.