Reputation: 23
Create a Application in Azure AD with Azure PowerShell Certificate authentication
I was trying to Create a Application in Azure AD with Azure PowerShell Certificate authentication, below is the Powershell snippet:
Login-AzureRmAccount
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
New-AzureRmRoleAssignment -RoleDefinitionName "Owner" -ServicePrincipalName $app.ApplicationId
the Azure AD application was created successfully, however for Azure AD application with Certificate Authentication, the customKeyIdentifier and value of in the keyCredentials is null after creation, this is the portion of manifest of my application I downloaded from Azure portal:
"keyCredentials": [{
"customKeyIdentifier": null,
"endDate": "2017-02-25T20:48:35.5174541Z",
"keyId": "575580cc-ce4e-4862-ad3e-1ba5833fe7f6",
"startDate": "2016-02-25T20:48:35.5174541Z",
"type": "AsymmetricX509Cert",
"usage": "Verify",
"value": null
}],
FYI the certificate is a self signed certificate I use makecert command generated locally.
Any advice, great appreciate.
James
Upvotes: 0
Views: 2604
Answers (1)
Reputation: 11246
Add a call to Set-AzureRmKeyVaultAccessPolicy to specify the access level you want the service principle to have for the key vault. See the changes in the last two lines for your script.
Login-AzureRmAccount
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
Set-AzureRmKeyVaultAccessPolicy -VaultName "<your-vault-name>" `
-ServicePrincipalName $sp.ServicePrincipalName `
-PermissionsToKeys all -PermissionsToSecrets all `
-ResourceGroupName "<your-resource-group-name>"
Upvotes: 1
Related Questions
- How to create .pfx file from certificate and private key?
- AzureAD configuration with public key authentication on Spring Boot
- Why can't Azure App Service find my GoDaddy certificate?
- Registering an Azure Active Directory Application using Azure DevOps
- How do I register my application locally created with one I created in Azure Active Directory?
- Certificate Authentication in Key Vault
- New-AzureRmADApplication throwing exception of type System.Exception
- Why am I getting "Key credential start date is invalid." trying to create a Active Directory Service Principal
- Create an Azure AD application with KeyVault & Azure PowerShell Certificate authentication
- Got error "Service principal was not found" when trying to add a certificate to an azure app