Adding SSL_Certificate to app-gateway

Been trying to get this working for over 3 hours to no avail.

I have a certificate that i have successfully uploaded to key-vault.
During the import process I had to input the certificate password which was fine.

I am now trying to reference an SSL Certificate for an azure app-gateway.

I am trying to add a https listener to my application-gateway. My current set-up is as follows.

http_listener {
name = “https-listener”
frontend_ip_configuration_name = “frontip”
frontend_port_name = “frontend”
protocol = “Https”
host_name = “blabla”
ssl_certificate_name = “ssl-wild”

i have a ssl_certificate block which is needed according to the docs.
azurerm_application_gateway | Resources | hashicorp/azurerm | Terraform Registry

ssl_certificate {
name = “ssl-wild”
data = data.azurerm_key_vault_certificate.key-vault-certificate.certificate_data_base64
password = “”

i have a data reference to the key-vault certificate and the key-vault which looks like this.

data “azurerm_key_vault” “key_vault” {
name = var.key_vault_name
resource_group_name = var.key_vault_rg

data “azurerm_key_vault_certificate” “key-vault-certificate” {
name = “wildcert”
key_vault_id =

The error i am getting is

ssl-wild does
not have Private Key." Details=

I have tried the original password used for the import into key_vault as the password too, to no avail. I have also tried omitting “password” altogether but this throws the same error.

Help would be appreciated. The TF community has been great.