Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Create a new cert, base64 encode it and put it in KeyVault
#Requires -Module AzureRM.KeyVault
# Use this script to create a certificate that you can use to secure a Service Fabric Cluster or other VM/SSL scenario
# This script requires an existing KeyVault that is EnabledFor[Template]Deployment (property depends on the scenario)
# To create a new vault and set the EnabledForDeployment/EnabledForTemplateDeployment property run:
#
# New-AzureRmResourceGroup -Name KeyVaults -Location WestUS
# New-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName KeyVaults -Location WestUS -EnabledForDeployment -EnabledForTempalteDeployment
#
# Once the certificate is created and stored in the vault, the script will provide the parameter values needed for template deployment
#
param(
[string] [Parameter(Mandatory=$true)] $Password,
[string] [Parameter(Mandatory=$true)] $CertDNSName,
[string] [Parameter(Mandatory=$true)] $KeyVaultName,
[string] [Parameter(Mandatory=$true)] $KeyVaultSecretName
)
$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
$CertFileFullPath = $(Join-Path (Split-Path -Parent $MyInvocation.MyCommand.Definition) "\$CertDNSName.pfx")
$NewCert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName $CertDNSName
Export-PfxCertificate -FilePath $CertFileFullPath -Password $SecurePassword -Cert $NewCert
$Bytes = [System.IO.File]::ReadAllBytes($CertFileFullPath)
$Base64 = [System.Convert]::ToBase64String($Bytes)
$JSONBlob = @{
data = $Base64
dataType = 'pfx'
password = $Password
} | ConvertTo-Json
$ContentBytes = [System.Text.Encoding]::UTF8.GetBytes($JSONBlob)
$Content = [System.Convert]::ToBase64String($ContentBytes)
$SecretValue = ConvertTo-SecureString -String $Content -AsPlainText -Force
$NewSecret = Set-AzureKeyVaultSecret -VaultName $KeyVaultName -Name $KeyVaultSecretName -SecretValue $SecretValue -Verbose
Write-Host
Write-Host "Source Vault Resource Id: "$(Get-AzureRmKeyVault -VaultName $KeyVaultName).ResourceId
Write-Host "Certificate URL : "$NewSecret.Id
Write-Host "Certificate Thumbprint : "$NewCert.Thumbprint
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment