Export App Service Certificate and set up a password


Guest Joe_Chen

This blog explains how to export an App Service Certificate from the Azure Portal, set a password for the certificate in Windows, and export it with a password by using PowerShell.

When we create an App Service Certificate (Add and manage TLS/SSL certificates - Azure App Service | Microsoft Learn) in the Azure Portal, sometimes we do not use it in App Service but on an Azure VM or an on-prem VM. We may also use it in other Azure resources (for example, by uploading the certificate to Azure Application Gateway).

However, after you export the App Service Certificate from the Azure Portal and try to upload it to Azure Application Gateway or use it on an Azure VM or on-prem VM, you will sometimes be asked for a "password", and you don't know what the password for the certificate is. This is because an exported App Service Certificate has no password by default, so we need to set one manually.

In this article, we will show you how to export the App Service Certificate and set up a password for the certificate in Windows:

Export the App Service Certificate in Azure Portal and set up the password in Windows

  1. Go to your App Service Certificate and click "Export Certificate" -> "Open Key Vault Secret".
  2. Click the current version of the certificate.
  3. Click "Download as a certificate".
  4. Right-click the downloaded .pfx certificate and click "Install PFX".
  5. Select "Current User".
  6. Make sure the correct .pfx file is selected.
  7. Keep the password empty and check the "Mark this key as exportable. This will allow you to back up or transport your keys at a later time" checkbox.
  8. Select "Place all certificates in the following store" and choose "Personal" as the certificate store.
  9. Click "Finish".
  10. Open Certificate Manager by searching for "certmgr.msc" in Windows.
  11. Select "Certificates - Current User" -> "Personal" -> "Certificates". Then right-click the target certificate and select "All Tasks" -> "Export…".
  12. Choose "Yes, export the private key".
  13. Choose "Personal Information Exchange - PKCS #12 (.PFX)" and make sure to check "Include all certificates in the certification path if possible" and "Enable certificate privacy".
  14. Select "Password" and enter the password.
  15. Give a filename to save this certificate.
  16. Click "Finish".
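
The wizard steps above (install into the Current User "Personal" store, then export with a password) can also be scripted with the Windows PKI cmdlets. This is an added example, not part of the original post; the two file paths are placeholders. It goes one step further than the wizard by removing the exportable copy from the store and the password-less download once the protected file exists.

```powershell
# Added example, not from the original post. Windows only (PKI module).
# Both paths are placeholders; point them at your own files.
$downloaded = Join-Path $env:USERPROFILE 'Downloads\<downloaded certificate>.pfx'
$protected  = Join-Path $env:USERPROFILE 'Documents\<certificate name>-protected.pfx'

# Install the password-less PFX into Current User\Personal and mark the
# private key as exportable (the "Install PFX" wizard).
$cert = Import-PfxCertificate -FilePath $downloaded `
    -CertStoreLocation Cert:\CurrentUser\My -Exportable

# Export with the private key, the certification path and a password
# (the certmgr.msc export wizard). The password is prompted for, so it is
# never written into the script.
$password = Read-Host -Prompt 'New PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $protected `
    -Password $password -ChainOption BuildChain | Out-Null

# Cleanup the wizard does not do: the imported certificate still sits in the
# store with an exportable private key, and the password-less download is
# still on disk. Remove both once the protected PFX has been written.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item -Path $downloaded
```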

 

Export the App Service Certificate with the password by PowerShell

You can also use PowerShell to export it with the following script:

#Connect to Azure and select subscription
Login-AzureRmAccount
Select-AzureRMSubscription -SubscriptionName "<name of subscription containing keyvault>"

#Obtain the secret from keyvault
$vaultName = '<name of Keyvault>'
$secretName = '<name of secret containing certificate>'
$certString = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $secretName

#Create a PFX from the secret and write to disk
$kvSecretBytes = [system.Convert]::FromBase64String($certString.SecretValueText)
$certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certCollection.Import($kvSecretBytes,$null,[system.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
$password = '<required password for PFX>'
$protectedCertificateBytes = $certCollection.Export([system.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password)
$pfxPath = "C:\temp\$secretName.pfx"
[system.IO.File]::WriteAllBytes($pfxPath, $protectedCertificateBytes)
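
The same export written against the Az module, which replaces the AzureRM cmdlets used in the script above. This is an added example, not part of the original post: it assumes Az.Accounts and Az.KeyVault are installed and a Windows host with the PKI module for the final checks. It prompts for the password instead of storing it in the script, writes under the user profile instead of C:\temp, and verifies the result.

```powershell
# Added example, not from the original post. Assumes the Az.Accounts and
# Az.KeyVault modules; angle-bracket values are placeholders as above.
Connect-AzAccount | Out-Null
Set-AzContext -Subscription '<name of subscription containing keyvault>' | Out-Null

$vaultName  = '<name of Keyvault>'
$secretName = '<name of secret containing certificate>'

# The secret value is the base64-encoded PFX without a password.
$b64      = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText
$pfxBytes = [System.Convert]::FromBase64String($b64)

$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($pfxBytes, $null, $flags)

# Prompt for the password so it never sits in the script or its history.
$secure = Read-Host -Prompt 'New PFX password' -AsSecureString
# X509Certificate2Collection.Export takes the password as a plain string.
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
$pkcs12 = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$bytes  = $certs.Export($pkcs12, $plain)
Remove-Variable plain

# Write under the user profile rather than a shared folder.
$pfxPath = Join-Path $env:USERPROFILE "$secretName.pfx"
[System.IO.File]::WriteAllBytes($pfxPath, $bytes)

# Check 1: the file opens with the new password; list what it contains.
$pfx = Get-PfxData -FilePath $pfxPath -Password $secure
@($pfx.EndEntityCertificates) + @($pfx.OtherCertificates) |
    Select-Object Subject, Thumbprint, NotAfter

# Check 2: without the password the file must be rejected.
try {
    Get-PfxData -FilePath $pfxPath -ErrorAction Stop | Out-Null
    Write-Warning "$pfxPath opens without a password"
} catch {
    Write-Output "$pfxPath is password protected"
}
```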

 

 

 

 

 

 

Congratulations, after these steps you now have a certificate with a password! Finally, we would like to add a kind reminder below:

[Image: reminder]

Hope this article is helpful for you, thank you for reading :)

Reference:

Azure: Exporting App Service Certificates - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)
