dennisroche/LoadAzureCertificate.ps1

## LoadAzureCertificate.ps1
$pfx = $OctopusParameters["PrimarySigningCertificate.Pfx"]
$thumbprint = $OctopusParameters["PrimarySigningCertificate.Thumbprint"]
$appName = "auth-api-$AzureEnvironment"

function Set-AzureRmCertificate($ResourceGroupName, $Location, $Pfx, $Thumbprint) {
    $ResourceLocation = $Location
    $ResourceName = $Thumbprint
    $PropertiesObject = @{
        pfxBlob = $Pfx;
        password = ""
    }

    New-AzureRmResource -Name $ResourceName `
        -Location $ResourceLocation `
        -PropertyObject $PropertiesObject `
        -ResourceGroupName $ResourceGroupName `
        -ResourceType Microsoft.Web/certificates `
        -ApiVersion 2015-08-01 `
        -Force
}

function Set-AzureRmWebAppCertificateLoad($ResourceGroupName, $WebAppName, $Thumbprint) {
    $settings = Invoke-AzureRmResourceAction -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/sites/Config -ResourceName "$WebAppName/appSettings" -Action "list" -ApiVersion 2015-08-01 -Force
    $hash = @{}
    $settings.properties | Get-Member -MemberType NoteProperty | % { $hash[$_.Name] = $settings.properties.($_.Name) }

    if ((-not $hash.WEBSITE_LOAD_CERTIFICATES) -or ($hash.WEBSITE_LOAD_CERTIFICATES -ne $Thumbprint)) {
        Write-Output "Changing site setting to load the signing thumbprint"
        $hash.WEBSITE_LOAD_CERTIFICATES = $Thumbprint
        Set-AzureRmWebApp -AppSettings $hash -Name $WebAppName -ResourceGroupName $ResourceGroupName
    }
}

$existing = Get-AzureRmWebAppCertificate -ResourceGroupName $AzureResourceGroup -Thumbprint $thumbprint
if (-not $existing) {
    Write-Output "Uploading signing certificate to Azure"
    Set-AzureRmCertificate -ResourceGroupName $AzureResourceGroup -Location $AzureResourceGroupLocation -Pfx $pfx -Thumbprint $thumbprint
}

Set-AzureRmWebAppCertificateLoad -ResourceGroupName $AzureResourceGroup -WebAppName $appName -Thumbprint $thumbprint
	$pfx = $OctopusParameters["PrimarySigningCertificate.Pfx"]
	$thumbprint = $OctopusParameters["PrimarySigningCertificate.Thumbprint"]
	$appName = "auth-api-$AzureEnvironment"

	function Set-AzureRmCertificate($ResourceGroupName, $Location, $Pfx, $Thumbprint) {
	$ResourceLocation = $Location
	$ResourceName = $Thumbprint
	$PropertiesObject = @{
	pfxBlob = $Pfx;
	password = ""
	}

	New-AzureRmResource -Name $ResourceName `
	-Location $ResourceLocation `
	-PropertyObject $PropertiesObject `
	-ResourceGroupName $ResourceGroupName `
	-ResourceType Microsoft.Web/certificates `
	-ApiVersion 2015-08-01 `
	-Force
	}

	function Set-AzureRmWebAppCertificateLoad($ResourceGroupName, $WebAppName, $Thumbprint) {
	$settings = Invoke-AzureRmResourceAction -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/sites/Config -ResourceName "$WebAppName/appSettings" -Action "list" -ApiVersion 2015-08-01 -Force
	$hash = @{}
	$settings.properties \| Get-Member -MemberType NoteProperty \| % { $hash[$_.Name] = $settings.properties.($_.Name) }

	if ((-not $hash.WEBSITE_LOAD_CERTIFICATES) -or ($hash.WEBSITE_LOAD_CERTIFICATES -ne $Thumbprint)) {
	Write-Output "Changing site setting to load the signing thumbprint"
	$hash.WEBSITE_LOAD_CERTIFICATES = $Thumbprint
	Set-AzureRmWebApp -AppSettings $hash -Name $WebAppName -ResourceGroupName $ResourceGroupName
	}
	}

	$existing = Get-AzureRmWebAppCertificate -ResourceGroupName $AzureResourceGroup -Thumbprint $thumbprint
	if (-not $existing) {
	Write-Output "Uploading signing certificate to Azure"
	Set-AzureRmCertificate -ResourceGroupName $AzureResourceGroup -Location $AzureResourceGroupLocation -Pfx $pfx -Thumbprint $thumbprint
	}

	Set-AzureRmWebAppCertificateLoad -ResourceGroupName $AzureResourceGroup -WebAppName $appName -Thumbprint $thumbprint