How do I upload a PFX certificate to Azure

Welcome Forums General PowerShell Q&A How do I upload a PFX certificate to Azure

Viewing 2 reply threads
  • Author
    Posts
    • #185183
      Participant
      Topics: 2
      Replies: 1
      Points: 5
      Rank: Member

      Hi!

      I'm trying to upload a PFX certificate to Azure, and afterwards bind the certificate to a web app. For the binding part I can use the New-AzWebAppSSLBinding cmdlet. The documentation says:

      The cmdlet creates an SSL binding in two ways:

      – You can bind a Web App to an existing certificate.
      – You can upload a new certificate and then bind the Web App to this new certificate.

      Because I want to add the same certificate (which would be a SAN / wildcard cert, so I can use it for a whole bunch of domains) to a couple of webapps / domains, I'd first like to upload the certificate, and then go for option 1 and bind the web app to an existing certifcate.

      So now the question is, how do I upload the PFX. I used to be able to use the Add-AzureCertificate which came with the Azure module. But I have upgraded to the Az module which doesn't seem to have a cmdlet to add / upload / import a certificate for a web app to Azure. I'm also not able to install the Azure module side by side with the Az module, because it has overlapping cmdlet names.

      PackageManagement\Install-Package : The following commands are already available on this system:'Login-AzAccount,Logout-AzAccount,Resolve-Error,Send-Feedback'. This module 'AzureRM.profile' may override the existing commands. If you still want to install this module 'AzureRM.profile', use -AllowClobber parameter. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21 + ... $null = PackageManagement\Install-Package @PSBoundParameters + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exception + FullyQualifiedErrorId : CommandAlreadyAvailable,Validate-ModuleCommandAlreadyAvailab

      Is there a cmdlet in the Az module that I can use to upload the certificate? Of is there another way in which I could install just the Add-AzureCertificate  cmdlet from the Azure module? Or should I go for a totally different approch with this?

    • #185213
      Participant
      Topics: 39
      Replies: 55
      Points: 94
      Rank: Member

      You have to upload the certificate to the WebApp once created using the cmdlet below. But personally i would reference the certificate within key vault.

      New-AzWebAppSSLBinding -WebAppName $webappname -ResourceGroupName $webappname -Name $fqdn ` -CertificateFilePath $pfxPath -CertificatePassword $pfxPassword -SslState SniEnabled

       

       

    • #185432
      Participant
      Topics: 2
      Replies: 1
      Points: 5
      Rank: Member

      Hi Tommy, thanks for your reply!

      I came to the same conclusion as you, regarding the upload and bind once via New-AzWebAppSSLBinding. After that, for the other custom domainnames to the same app I can use the -Thumbprint parameter.

      Why do you think it is better to reference the certificate within key vault? Can you recommend any resources on that?

Viewing 2 reply threads
  • You must be logged in to reply to this topic.