Get an SSL Cert from Key Vault and push it to a Web App
Select-AzureRmSubscription -SubscriptionName AzureFAQ # subscription where the Web App resides
$webAppName = "pageofphotos" # Web App resource Name, (Get-AzureRmWebApp)[0].Name
$fqdn = "" # what is the DNS address? could be if that's what's mapped
$vaultName = "GlobalOpsVault"
$certificateName = "MySSL"
$passwordLength = 50
$minNumberOfNonAlphanumericCharacters = 1
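# password is not remembered beyond the life of this script
# System.Web is not loaded by default; GeneratePassword lives in that assembly
Add-Type -AssemblyName System.Web
$pfxPassword = [System.Web.Security.Membership]::GeneratePassword($passwordLength, $minNumberOfNonAlphanumericCharacters)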
# following incantation via Subrata Sen
# the secret value is the certificate as a base64-encoded PKCS#12 blob with no password
$pfxSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certificateName
$pfxUnprotectedBytes = [Convert]::FromBase64String($pfxSecret.SecretValueText)
$pfx = New-Object Security.Cryptography.X509Certificates.X509Certificate2
# import as Exportable so the private key can be re-exported under a password
$pfx.Import($pfxUnprotectedBytes, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
# re-export as a PFX protected by the throwaway password generated above
$pfxProtectedBytes = $pfx.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $pfxPassword)
$pfxPath = $env:TEMP + "\$certificateName.pfx"
# look up the Web App before any key material is written to disk
$webAppId = (Get-AzureRmWebApp -Name $webAppName).id
$webAppResourceGroupName = (Get-AzureRmWebApp -Name $webAppName).ResourceGroup
try {
    [IO.File]::WriteAllBytes($pfxPath, $pfxProtectedBytes)
    New-AzureRmWebAppSSLBinding `
        -CertificateFilePath $pfxPath `
        -CertificatePassword $pfxPassword `
        -Name $fqdn `
        -ResourceGroupName $webAppResourceGroupName `
        -WebAppName $webAppName `
        -SslState SniEnabled
}
finally {
    # remove the temporary PFX even if the upload or binding fails
    if (Test-Path $pfxPath) { Remove-Item $pfxPath }
}