Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Create an Azure AD App with Multiple Certs for Authentication
Login-AzureRmAccount
# Create the self signed cert
mkdir c:\certificates
$currentDate = Get-Date
$endDate = $currentDate.AddYears(1)
$notAfter = $endDate.AddYears(1)
$pwdplaintext = "P@ssW0rd1"
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName AadAppCertTest1 -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
$pwd = ConvertTo-SecureString -String $pwdplaintext -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my\$thumb" -FilePath c:\certificates\AadAppCertTest1.pfx -Password $pwd
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName AadAppCertTest2 -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
$pwd = ConvertTo-SecureString -String $pwdplaintext -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my\$thumb" -FilePath c:\certificates\AadAppCertTest2.pfx -Password $pwd
$thumb = (New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName AadAppCertTest2 -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter).Thumbprint
# Load the certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\certificates\AadAppCertTest1.pfx", $pwdplaintext)
$certValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
# Create the Azure AD Application using the first certificate
$adapp = New-AzureRmADApplication -DisplayName "TestAzureAdApp01" -HomePage "http://TestAzureAdApp01.azurewebsites.net/" -IdentifierUris "http://TestAzureAdApp01.azurewebsites.net/" -CertValue $certValue -StartDate (Get-Date $cert.GetEffectiveDateString()) -EndDate $notAfter
# Next add the second certificate using the New-AzureRmAdAppCredential
$cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\certificates\AadAppCertTest2.pfx", $pwdplaintext)
$certValue2 = [System.Convert]::ToBase64String($cert2.GetRawCertData())
New-AzureRmADAppCredential -ApplicationId $adapp.ApplicationId -CertValue $certValue2
# Running Get-AzureRmADApplication and piping it to Get-AzureRmADAppCredential should show the two keys
Get-AzureRmADApplication -ApplicationId $adapp.ApplicationId | Get-AzureRmADAppCredential
# Finally create the Azure AD Service Principal
$sp = New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment