How to add a certificate to an Azure RM website with Powershell

后端 未结 3 1220
时光取名叫无心
时光取名叫无心 2020-12-04 00:40

Lightly related to How to add an SSL certificate to an azure website using powershell?

I am trying to add a certificate to an Azure RM website via Powershell.

相关标签:
3条回答
  • 2020-12-04 01:05

    In the latest release of Azure PowerShell v 1.1.0, there is a number of new commands to handle SSL certificates in Azure Web Apps

    You can upload the certificate and bind it to hostname using

    New-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -CertificateFilePath PathToPfxFile -CertificatePassword PlainTextPwd -Name www.contoso.com
    

    And then remove the binding but without removing the certificate, the app should be able to use it after you add a app setting referencing that cert (this should be done using the portal - the PowerShell command to do so will come soon - No ETA for now)

    Remove-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -Name www.contoso.com -DeleteCertificate $false
    
    0 讨论(0)
  • 2020-12-04 01:06

    Looking through the ARM Template the "Microsoft.Web/certificates" template takes a pfxblob and a password.

    It seems the easiest way of obtaining a pfxblob is via New-AzureRmApplicationGatewaySslCertificate (thanks to @vigneshaj for the pointer) reading the source, it seems that this is simply a local conversation cmdlet. So it doesn't matter that it is for an application gateway, all we need is the data it passes back.

    $pfx = New-AzureRmApplicationGatewaySslCertificate -Name example `
            -CertificateFile E:\PS\example.pfx `
            -Password "bananas" 
    

    Once we have that data, we can simply plug it into New-AzureRmResource and it will create our certificate on Azure.

    The small problem with this, is that if you're a cheapskate (like me) and you've obtained a free cert from that Chinese CA that gives sha256 certs, this process will strip off the certificate that signs pages with sha256, and so it falls back to TLS 1.2, which gives errors (on Chrome at least)

    $ResourceLocation = "West Europe"
    $ResourceName = "Newcertificate"
    $PropertiesObject = @{
    pfxBlob = $pfx.Data
    password = $pfx.Password 
    }
    
    New-AzureRmResource -Name $ResourceName -Location $ResourceLocation `
                        -PropertyObject $PropertiesObject `
                        -ResourceGroupName examplecomRG `
                        -ResourceType Microsoft.Web/certificates `
                        -ApiVersion 2015-08-01 -Force
    

    The next job from there is configuring your Web App to use that cert. Because these properties are child objects of the hostNameSslStates array I created an inner hash table, and then attached that. I'm sure there's a more elegant way, but this worked!

    $ResourceName = "ConfuseioWebapp"
    $InnerPropertiesObject = @{
            name = "www.example.com"
            sslState = 1
            thumbprint = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
          }
    $PropertiesObject = @{
        "hostNameSslStates" = [Object[]]$InnerPropertiesObject 
    }
    
    New-AzureRmResource -Name $ResourceName `
                        -Location $ResourceLocation `
                        -PropertyObject $PropertiesObject `
                        -ResourceGroupName examplecomRG `
                        -ResourceType Microsoft.Web/sites `
                        -ApiVersion 2015-08-01 -Force
    

    And that is pretty much it.

    0 讨论(0)
  • 2020-12-04 01:08

    I came across the below article, which configures SSL through powershell, by creating Azure Application Gateway

    https://azure.microsoft.com/en-us/documentation/articles/application-gateway-ssl/

    0 讨论(0)
提交回复
热议问题