October 27, 2019 at 3:41 pm #185183ParticipantTopics: 2Replies: 1Points: 5Rank: Member
I'm trying to upload a PFX certificate to Azure, and afterwards bind the certificate to a web app. For the binding part I can use the New-AzWebAppSSLBinding cmdlet. The documentation says:
The cmdlet creates an SSL binding in two ways:
– You can bind a Web App to an existing certificate.
– You can upload a new certificate and then bind the Web App to this new certificate.
Because I want to add the same certificate (which would be a SAN / wildcard cert, so I can use it for a whole bunch of domains) to a couple of webapps / domains, I'd first like to upload the certificate, and then go for option 1 and bind the web app to an existing certifcate.
So now the question is, how do I upload the PFX. I used to be able to use the Add-AzureCertificate which came with the Azure module. But I have upgraded to the Az module which doesn't seem to have a cmdlet to add / upload / import a certificate for a web app to Azure. I'm also not able to install the Azure module side by side with the Az module, because it has overlapping cmdlet names.
PackageManagement\Install-Package : The following commands are already available on this system:'Login-AzAccount,Logout-AzAccount,Resolve-Error,Send-Feedback'. This module 'AzureRM.profile' may override the existing commands. If you still want to install this module 'AzureRM.profile', use -AllowClobber parameter. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\184.108.40.206\PSModule.psm1:1809 char:21 + ... $null = PackageManagement\Install-Package @PSBoundParameters + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exception + FullyQualifiedErrorId : CommandAlreadyAvailable,Validate-ModuleCommandAlreadyAvailab
Is there a cmdlet in the Az module that I can use to upload the certificate? Of is there another way in which I could install just the Add-AzureCertificate cmdlet from the Azure module? Or should I go for a totally different approch with this?
October 27, 2019 at 8:29 pm #185213ParticipantTopics: 39Replies: 55Points: 94Rank: Member
You have to upload the certificate to the WebApp once created using the cmdlet below. But personally i would reference the certificate within key vault.
New-AzWebAppSSLBinding -WebAppName $webappname -ResourceGroupName $webappname -Name $fqdn ` -CertificateFilePath $pfxPath -CertificatePassword $pfxPassword -SslState SniEnabled
October 29, 2019 at 1:50 pm #185432ParticipantTopics: 2Replies: 1Points: 5Rank: Member
Hi Tommy, thanks for your reply!
I came to the same conclusion as you, regarding the upload and bind once via New-AzWebAppSSLBinding. After that, for the other custom domainnames to the same app I can use the -Thumbprint parameter.
Why do you think it is better to reference the certificate within key vault? Can you recommend any resources on that?
- You must be logged in to reply to this topic.