Mathias Ottsen

Reputation: 25

Azure PowerShell Retrieve Cloud Classic Certificates

I've been trying for some time to find a way to retrieve output from certificates at our Cloud Classic resource.

We have a Cloud Management Gateway which stores certs in a Cloud Service. As a part of monitoring that, I would like to find a way of pulling out that data with PowerShell.

Anyone have any experience with this? Haven't been able yet to find anything that works.

Upvotes: 0

Views: 409

Answers (1)

Jim Xu

Reputation: 23111

If you want to retrieve the certificate from the Azure cloud service, we can use the command Get-AzureCertificate.

For example:

  1. Create a Run As account in the Azure Automation account

  2. Script

$ConnectionAssetName = "AzureClassicRunAsConnection"

# Authenticate to Azure with certificate
Write-Verbose "Get connection asset: $ConnectionAssetName" -Verbose
$Conn = Get-AutomationConnection -Name $ConnectionAssetName
if ($Conn -eq $null)
{
    throw "Could not retrieve connection asset: $ConnectionAssetName. Assure that this asset exists in the Automation account."
}

$CertificateAssetName = $Conn.CertificateAssetName
Write-Verbose "Getting the certificate: $CertificateAssetName" -Verbose
$AzureCert = Get-AutomationCertificate -Name $CertificateAssetName
if ($AzureCert -eq $null)
{
    throw "Could not retrieve certificate asset: $CertificateAssetName. Assure that this asset exists in the Automation account."
}

Write-Verbose "Authenticating to Azure with certificate." -Verbose
Set-AzureSubscription -SubscriptionName $Conn.SubscriptionName -SubscriptionId $Conn.SubscriptionID -Certificate $AzureCert 
Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID

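# List the certificates stored in the cloud service
$certs = Get-AzureCertificate -ServiceName testcloud05

foreach ($cert in $certs) {
    # Data holds the base64-encoded certificate; decode it into an X509Certificate2
    $result = [System.Security.Cryptography.X509Certificates.X509Certificate2]([System.Convert]::FromBase64String($cert.Data))
    $result.Subject
    # Expiry date in short date format
    Get-Date $result.NotAfter -Format d
}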


Upvotes: 1
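
For the monitoring use case in the question, the decode step from the answer can be turned into an expiry report. This is an added example, not part of the original answer: `Get-CertExpiryReport`, `New-SampleCertData`, the 30-day threshold and the sample subjects are hypothetical, and the sample objects are constructed to mimic only the base64 `Data` property that the answer reads from `Get-AzureCertificate` output.

```powershell
# Added example: classify certificates by days until expiry.
function Get-CertExpiryReport {
    param(
        [Parameter(Mandatory)] [object[]] $Certs,  # objects with a base64 .Data property
        [int] $WarnDays = 30                       # assumed alert threshold
    )
    $now = Get-Date
    foreach ($c in $Certs) {
        try {
            # Same decode-and-cast the answer uses
            $raw  = [System.Convert]::FromBase64String($c.Data)
            $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]$raw
        } catch {
            # Unparseable data is reported, not silently skipped
            [pscustomobject]@{ Subject = $null; Thumbprint = $null; NotAfter = $null
                               DaysLeft = $null; Status = 'Unreadable' }
            continue
        }
        $days   = [int][math]::Floor(($x509.NotAfter - $now).TotalDays)
        $status = if ($days -lt 0) { 'Expired' } elseif ($days -le $WarnDays) { 'Expiring' } else { 'OK' }
        [pscustomobject]@{ Subject = $x509.Subject; Thumbprint = $x509.Thumbprint
                           NotAfter = $x509.NotAfter; DaysLeft = $days; Status = $status }
    }
}

# Constructed sample input: a self-signed certificate exported as base64 (public part only)
function New-SampleCertData {
    param([string] $Subject, [int] $ExpiresInDays)
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        $Subject, $rsa,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $now  = [DateTimeOffset]::UtcNow
    $cert = $req.CreateSelfSigned($now.AddDays(-365), $now.AddDays($ExpiresInDays))
    [pscustomobject]@{ Data = [System.Convert]::ToBase64String($cert.Export('Cert')) }
}

$sample = @(
    (New-SampleCertData -Subject 'CN=constructed-ok.example'   -ExpiresInDays 200),
    (New-SampleCertData -Subject 'CN=constructed-soon.example' -ExpiresInDays 10),
    (New-SampleCertData -Subject 'CN=constructed-old.example'  -ExpiresInDays -5),
    [pscustomobject]@{ Data = 'not-base64!' }   # constructed malformed entry
)

# Show only the entries that need attention
Get-CertExpiryReport -Certs $sample | Where-Object Status -ne 'OK' | Format-Table
```

In the runbook from the answer, pass `$certs` from `Get-AzureCertificate` in place of `$sample`.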
