Create a new cert, base64 encode it and put it in KeyVault
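#Requires -Module AzureRM.KeyVault
# Use this script to create a certificate that you can use to secure a Service Fabric Cluster or other VM/SSL scenario
# This script requires an existing KeyVault that is EnabledFor[Template]Deployment (property depends on the scenario)
# To create a new vault and set the EnabledForDeployment/EnabledForTemplateDeployment property run:
#
#   New-AzureRmResourceGroup -Name KeyVaults -Location WestUS
#   New-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName KeyVaults -Location WestUS -EnabledForDeployment -EnabledForTemplateDeployment
#
# Once the certificate is created and stored in the vault, the script will provide the parameter values needed for template deployment
#
# Parameters:
#   -Password            Password protecting the exported PFX. It is also written, in clear text, into the JSON
#                        blob stored in the vault so the deployment can install the PFX.
#   -CertDNSName         DNS name for the self-signed certificate; also used as the local .pfx file name.
#   -KeyVaultName        Existing vault that receives the secret.
#   -KeyVaultSecretName  Name of the secret to create (or overwrite) in that vault.
#
# NOTE(review): -Password is a plain [string], so the value appears in the caller's command history and process
# arguments. The exported PFX (which contains the private key) is left next to this script after the run; delete
# it once the secret is in the vault unless the local copy is needed.
param(
    [string] [Parameter(Mandatory=$true)] $Password,
    [string] [Parameter(Mandatory=$true)] $CertDNSName,
    [string] [Parameter(Mandatory=$true)] $KeyVaultName,
    [string] [Parameter(Mandatory=$true)] $KeyVaultSecretName
)

# Fail fast. With the default 'Continue' preference a failed cmdlet (for example Set-AzureKeyVaultSecret) would leave
# $NewSecret empty and the script would still print blank deployment values at the end.
$ErrorActionPreference = 'Stop'

$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force

# The PFX is written alongside this script, named after the DNS name.
$CertFileFullPath = $(Join-Path (Split-Path -Parent $MyInvocation.MyCommand.Definition) "\$CertDNSName.pfx")

# Create the self-signed certificate in the current user's personal store and export it with its private key.
$NewCert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName $CertDNSName
Export-PfxCertificate -FilePath $CertFileFullPath -Password $SecurePassword -Cert $NewCert

$Bytes = [System.IO.File]::ReadAllBytes($CertFileFullPath)
$Base64 = [System.Convert]::ToBase64String($Bytes)

# Secret payload: the base64 PFX plus its type and password as a JSON document. This is the layout the
# deployment consumes when installing the certificate from the vault.
$JSONBlob = @{
    data     = $Base64
    dataType = 'pfx'
    password = $Password
} | ConvertTo-Json

# The JSON itself is base64-encoded before being stored as the secret value.
$ContentBytes = [System.Text.Encoding]::UTF8.GetBytes($JSONBlob)
$Content = [System.Convert]::ToBase64String($ContentBytes)
$SecretValue = ConvertTo-SecureString -String $Content -AsPlainText -Force

$NewSecret = Set-AzureKeyVaultSecret -VaultName $KeyVaultName -Name $KeyVaultSecretName -SecretValue $SecretValue -Verbose

# Values needed by the template deployment: vault resource id, versioned secret URL, and the cert thumbprint.
Write-Host
Write-Host "Source Vault Resource Id: "$(Get-AzureRmKeyVault -VaultName $KeyVaultName).ResourceId
Write-Host "Certificate URL : "$NewSecret.Id
Write-Host "Certificate Thumbprint : "$NewCert.Thumbprint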