The following PowerShell script performs these steps:
- Create an Azure Key Vault
- Store a test secret in the vault
- Create a self-signed certificate and export it as PFX (with private key) and CER (public part)
- Create an Azure App Registration and its service principal
- Associate the certificate with the App Registration as its credential
- Grant the service principal an access policy on the vault's secrets
- Display the certificate thumbprint (the client needs it to pick the certificate when authenticating)
The script uses the AzureRM module. Microsoft retired AzureRM in February 2024, so on a current installation use the Az module instead; the cmdlets keep their names with "AzureRm" or "Azure" replaced by "Az" (Connect-AzAccount, New-AzKeyVault, Set-AzKeyVaultSecret, New-AzADApplication, and so on), although a few parameters differ.
PowerShell Scripts
Clear-Host
# Set Variables (change the Key Vault name to a new, globally unique one and the resource group to your own)
$KeyVault = "NewKeyVaultMar2020"
$ResourceGroup = "jp-resource-group"
$location = "East US"
$PfxFilePath = 'C:\Certificates\YourCertificate.pfx'   # the folder must already exist
$CerFilePath = 'C:\Certificates\YourCertificate.cer'
$DNSName = 'yourdns.yourdomain.com'
$Password = 'Password$$1!'                              # PFX password; single quotes keep the $$ literal
$StoreLocation = 'CurrentUser'
$CertBeginDate = Get-Date
$CertExpiryDate = $CertBeginDate.AddYears(1)
# Build a unique identifier URI for the app from a GUID with the hyphens removed
$UniqueName = (New-Guid).ToString() -replace '-', ''
$UniqueName
# Note: newer tenants may require identifier URIs to use a verified domain or the api://<appId> form
$URL = 'http://' + $UniqueName
# Print
$URL
# Connect to Azure (interactive login)
Connect-AzureRmAccount
# Create Key Vault
New-AzureRmKeyVault -Name $KeyVault -ResourceGroupName $ResourceGroup -Location $location
# Create a test secret (this example reuses the PFX password; in real use store a separate secret)
$SecretValue = ConvertTo-SecureString $Password -AsPlainText -Force
$Secret = Set-AzureKeyVaultSecret -VaultName $KeyVault -Name 'SQLPassword' -SecretValue $SecretValue
# Read the secret back. This echoes it in clear text to the console and to any transcript; drop this line outside a lab.
(Get-AzureKeyVaultSecret -VaultName $KeyVault -Name 'SQLPassword').SecretValueText
# Create Certificate: self-signed, signature key, one-year validity, in the current user's personal store
$SecStringPw = ConvertTo-SecureString -String $Password -Force -AsPlainText
$Cert = New-SelfSignedCertificate -DnsName $DNSName -CertStoreLocation "Cert:\$StoreLocation\My" -NotBefore $CertBeginDate -NotAfter $CertExpiryDate -KeySpec Signature
# Export the private key as a password-protected PFX and the public certificate as CER
Export-PfxCertificate -Cert $Cert -FilePath $PfxFilePath -Password $SecStringPw
Export-Certificate -Cert $Cert -FilePath $CerFilePath
# Load the public certificate and base64-encode it as the app's key credential (no private key leaves this machine)
$x509 = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerFilePath
$credValue = [System.Convert]::ToBase64String($x509.GetRawCertData())
# Create the App Registration with the certificate as its credential, valid for the certificate's lifetime
$adapp = New-AzureRmADApplication -DisplayName "Your Web Application" -HomePage $URL -IdentifierUris $URL -CertValue $credValue -StartDate $x509.NotBefore -EndDate $x509.NotAfter
# Create the service principal that the access policy will reference
$sp = New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId
# A new service principal can take a moment to replicate; wait before referencing it
Start-Sleep -Seconds 15
# Grant the service principal secret permissions. This list (purge included) is far broader than a client that only reads secrets needs; trim it to get,list for such a client.
Set-AzureRmKeyVaultAccessPolicy -VaultName $KeyVault -ServicePrincipalName $adapp.ApplicationId -PermissionsToSecrets get,list,set,delete,backup,restore,recover,purge -ResourceGroupName $ResourceGroup
# Print Thumbprint
$x509.Thumbprint
Execution
Open PowerShell ISE as Administrator, with the AzureRM module installed
Change the Key Vault name to a new, globally unique one
Change the resource group name to one of yours, and make sure the C:\Certificates folder exists
Run the script
Enter your Azure login information when prompted
Validation
Once the script has run successfully, you can see the following in the Azure portal and on the local machine:
- The Key Vault, with the SQLPassword secret and an access policy for the new service principal
- The Azure App Registration, with the certificate listed as a credential under Certificates & secrets
- The certificate in the Cert:\CurrentUser\My store, plus the exported PFX and CER files
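The portal check above is manual. The following is an added example, not part of the original post, that checks the same things from PowerShell and then proves the credential works end to end by signing in as the service principal with the certificate and reading the secret. It assumes the AzureRM session from the script is still open and that $KeyVault, $adapp and $x509 are still defined (otherwise paste the values from the portal); the property names used (Type, Id, ObjectId, PermissionsToSecrets, SecretValue) are those exposed by the AzureRM module.

```powershell
# Added example (not from the original post): validate the created objects, then use the credential.
# Assumes the script's AzureRM session and variables $KeyVault, $adapp, $x509 are still available.
$KeyVault      = 'NewKeyVaultMar2020'
$ApplicationId = $adapp.ApplicationId      # Application (client) ID of the app registration
$Thumbprint    = $x509.Thumbprint          # thumbprint printed at the end of the script
$TenantId      = (Get-AzureRmContext).Tenant.Id

# 1. The local certificate is in the store with its private key and is currently valid.
$localCert = Get-Item "Cert:\CurrentUser\My\$Thumbprint"
if (-not $localCert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key in CurrentUser\My" }
if ((Get-Date) -gt $localCert.NotAfter) { throw "Certificate $Thumbprint has expired; issue a new one and update the app credential" }

# 2. The app registration carries a certificate credential; its validity window should match the local cert.
$certCred = Get-AzureRmADAppCredential -ApplicationId $ApplicationId |
    Where-Object { $_.Type -eq 'AsymmetricX509Cert' }
if (-not $certCred) { throw "App $ApplicationId has no certificate credential" }
"App credential valid $($certCred.StartDate) to $($certCred.EndDate) (UTC)"
"Local cert valid     $($localCert.NotBefore.ToUniversalTime()) to $($localCert.NotAfter.ToUniversalTime()) (UTC)"

# 3. The vault's access policy names the service principal; print exactly which secret permissions it holds
#    so the list can be reviewed against what the client really needs.
$sp     = Get-AzureRmADServicePrincipal -ApplicationId $ApplicationId
$policy = (Get-AzureRmKeyVault -VaultName $KeyVault).AccessPolicies |
    Where-Object { $_.ObjectId -eq $sp.Id }
if (-not $policy) { throw "No access policy for service principal $($sp.Id) on vault $KeyVault" }
"Secret permissions for $($sp.DisplayName): $($policy.PermissionsToSecrets -join ', ')"

# 4. End-to-end check: authenticate as the service principal with the certificate's private key
#    (no password or client secret involved) and read the secret back as a SecureString.
Connect-AzureRmAccount -ServicePrincipal -ApplicationId $ApplicationId -TenantId $TenantId -CertificateThumbprint $Thumbprint
$secret = Get-AzureKeyVaultSecret -VaultName $KeyVault -Name 'SQLPassword'
"Read secret '$($secret.Name)' (version $($secret.Version)) as the service principal"

# Convert to clear text only at the point of use (e.g. building a connection string) and never echo it.
$plain = [System.Net.NetworkCredential]::new('', $secret.SecretValue).Password
"Secret length: $($plain.Length) characters"
```

Step 4 replaces the session's user login with the service principal context, so run Connect-AzureRmAccount again afterwards to continue working as yourself. When the client runs on a different machine, copy the PFX there and import it into Cert:\CurrentUser\My with Import-PfxCertificate first; the CER alone has no private key and cannot authenticate.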