codingoutloud/Publish-CertFromKeyVaultToWebApp.ps1

## Publish-CertFromKeyVaultToWebApp.ps1
Login-AzureRmAccount
Select-AzureRmSubscription -SubscriptionName AzureFAQ # subscription where the Web App resides

$webAppName = "pageofphotos" # Web App resource Name, (Get-AzureRmWebApp)[0].Name
$fqdn = "pageofphotos.com" # what is the DNS address? could be admin.pageofphotos.com if that's what's mapped

$vaultName = "GlobalOpsVault"
$certificateName = "MySSL"

$passwordLength = 50
$minNumberOfNonAlphanumericCharacters = 1
# password is not remembered beyond the life of this script
$pfxPassword = [System.Web.Security.Membership]::GeneratePassword($passwordLength, $minNumberOfNonAlphanumericCharacters)

# following incantation via Subrata Sen
$pfxSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certificateName
$pfxUnprotectedBytes = [Convert]::FromBase64String($pfxSecret.SecretValueText)
$pfx = New-Object Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($pfxUnprotectedBytes, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
$pfxProtectedBytes = $pfx.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $pfxPassword)

$pfxPath = $env:TEMP + "\$certificateName.pfx"
[IO.File]::WriteAllBytes($pfxPath, $pfxProtectedBytes)

$webAppId = (Get-AzureRmWebApp -Name $webAppName).id
$webAppResourceGroupName = (Get-AzureRmWebApp -Name $webAppName).ResourceGroup

New-AzureRmWebAppSSLBinding `
    -CertificateFilePath $pfxPath `
    -CertificatePassword $pfxPassword `
    -Name $fqdn `
    -ResourceGroupName $webAppResourceGroupName `
    -WebAppName $webAppName `
    -SslState SniEnabled

Remove-Item $pfxPath
	Login-AzureRmAccount
	Select-AzureRmSubscription -SubscriptionName AzureFAQ # subscription where the Web App resides

	$webAppName = "pageofphotos" # Web App resource Name, (Get-AzureRmWebApp)[0].Name
	$fqdn = "pageofphotos.com" # what is the DNS address? could be admin.pageofphotos.com if that's what's mapped

	$vaultName = "GlobalOpsVault"
	$certificateName = "MySSL"

	$passwordLength = 50
	$minNumberOfNonAlphanumericCharacters = 1
	# password is not remembered beyond the life of this script
	$pfxPassword = [System.Web.Security.Membership]::GeneratePassword($passwordLength, $minNumberOfNonAlphanumericCharacters)

	# following incantation via Subrata Sen
	$pfxSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certificateName
	$pfxUnprotectedBytes = [Convert]::FromBase64String($pfxSecret.SecretValueText)
	$pfx = New-Object Security.Cryptography.X509Certificates.X509Certificate2
	$pfx.Import($pfxUnprotectedBytes, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
	$pfxProtectedBytes = $pfx.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $pfxPassword)

	$pfxPath = $env:TEMP + "\$certificateName.pfx"
	[IO.File]::WriteAllBytes($pfxPath, $pfxProtectedBytes)

	$webAppId = (Get-AzureRmWebApp -Name $webAppName).id
	$webAppResourceGroupName = (Get-AzureRmWebApp -Name $webAppName).ResourceGroup

	New-AzureRmWebAppSSLBinding `
	-CertificateFilePath $pfxPath `
	-CertificatePassword $pfxPassword `
	-Name $fqdn `
	-ResourceGroupName $webAppResourceGroupName `
	-WebAppName $webAppName `
	-SslState SniEnabled

	Remove-Item $pfxPath