Last active
November 27, 2016 22:57
-
-
Save sjwaight/ff1f74632a3d5811680182c8d29dfb94 to your computer and use it in GitHub Desktop.
Shows how we can generate a self-signed certificate for use with an Azure AD Service Principal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requires PowerShell to be run as Admin-level user. | |
| New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" ` | |
| -Subject "cn=mydemokvcert" -KeyDescription "Used to access Key Vault" ` | |
| -NotBefore (Get-Date).AddDays(-1) -NotAfter (Get-Date).AddYears(2) | |
| # PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my | |
| # | |
| #Thumbprint Subject | |
| #---------- ------- | |
| # C6XXXXXX53E8DXXXX2B217F6CD0A4A0F9E5390A5 CN=mydemokvcert | |
| # | |
| $pwd = ConvertTo-SecureString -String "YOUR_RANDOM_PASSWORD" -Force -AsPlainText | |
| # Export cert to PFX - uploaded to Azure App Service | |
| Export-PfxCertificate -cert cert:\localMachine\my\C6XXXXXX53E8DXXXX2B217F6CD0A4A0F9E5390A5 ` | |
| -FilePath keyvaultaccess03.pfx -Password $pwd | |
| # Directory: C:\WINDOWS\system32 | |
| # | |
| #Mode LastWriteTime Length Name | |
| #---- ------------- ------ ---- | |
| #-a---- 14/11/2016 16:06 2565 keyvaultaccess03.pfx | |
| # | |
| # Export Certificate to import into the Service Principal | |
| Export-Certificate -Cert cert:\localMachine\my\C6XXXXXX53E8DXXXX2B217F6CD0A4A0F9E5390A5 ` | |
| -FilePath keyvaultaccess03.crt | |
| ##### | |
| # Prepare Cert for use with Service Principal | |
| ##### | |
| $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 | |
| $x509.Import("keyvaultaccess03.crt") | |
| $credValue = [System.Convert]::ToBase64String($x509.GetRawCertData()) | |
| # should match our certificate entries above. | |
| $validFrom = [System.DateTime]::Now.AddDays(-1) | |
| $validTo = [System.DateTime]::Now.AddYears(2) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment