Last active
October 2, 2017 17:18
-
-
Save vijayjt/d1aab6937eaeb21da69d41fbae7a3c03 to your computer and use it in GitHub Desktop.
Create an Azure AD App with Multiple Certs for Authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Login-AzureRmAccount | |
# Create the self signed cert | |
mkdir c:\certificates | |
$currentDate = Get-Date | |
$endDate = $currentDate.AddYears(1) | |
$notAfter = $endDate.AddYears(1) | |
$pwdplaintext = "P@ssW0rd1" | |
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName AadAppCertTest1 -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint | |
$pwd = ConvertTo-SecureString -String $pwdplaintext -Force -AsPlainText | |
Export-PfxCertificate -cert "cert:\localmachine\my\$thumb" -FilePath c:\certificates\AadAppCertTest1.pfx -Password $pwd | |
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName AadAppCertTest2 -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint | |
$pwd = ConvertTo-SecureString -String $pwdplaintext -Force -AsPlainText | |
Export-PfxCertificate -cert "cert:\localmachine\my\$thumb" -FilePath c:\certificates\AadAppCertTest2.pfx -Password $pwd | |
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName AadAppCertTest2 -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint | |
# Load the certificate | |
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\certificates\AadAppCertTest1.pfx", $pwdplaintext) | |
$certValue = [System.Convert]::ToBase64String($cert.GetRawCertData()) | |
# Create the Azure AD Application using the first certificate | |
$adapp = New-AzureRmADApplication -DisplayName "TestAzureAdApp01" -HomePage "http://TestAzureAdApp01.azurewebsites.net/" -IdentifierUris "http://TestAzureAdApp01.azurewebsites.net/" -CertValue $certValue -StartDate (Get-Date $cert.GetEffectiveDateString()) -EndDate $notAfter | |
# Next add the second certificate using the New-AzureRmAdAppCredential | |
$cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\certificates\AadAppCertTest2.pfx", $pwdplaintext) | |
$certValue2 = [System.Convert]::ToBase64String($cert2.GetRawCertData()) | |
New-AzureRmADAppCredential -ApplicationId $adapp.ApplicationId -CertValue $certValue2 | |
# Running Get-AzureRmADApplication and piping it to Get-AzureRmADAppCredential should show the two keys | |
Get-AzureRmADApplication -ApplicationId $adapp.ApplicationId | Get-AzureRmADAppCredential | |
# Finally create the Azure AD Service Principal | |
$sp = New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment