1
votes

We are currently using Azure CLI in order to create resources dynamically from a third party application.

Everything goes well, except for importing an app certificate for our dynamically created app service.

We do have an "App Service Certificate", and through the portal we can import it without any problem.

But how can we do this through Azure CLI WITHOUT having to download/upload a .PFX file?

Is there some command like the following pseudo-command?

az app service --add-app-service-certificate -subscriptionId MY_SUB -app-service MY_APP_SERVICE --certificate MY_APP_SERVICE_CERTIFICATE

Here's a screenshot of what I'm talking about: [image]

1
Suppose you could use Azure Key Vault, refer to this doc: docs.microsoft.com/en-us/azure/app-service/… - George Chen
@GeorgeChen I already checked out that document, but in the examples it's still with the upload of a .pfx file. - Mason
You don't want to upload .Pfx file without downloading it to your local machine? Is it the case? - Mohit Verma
@Mason, No, I'm saying use App Service certificate and store it to Key Vault, please check first half of the doc. - George Chen
@GeorgeChen I get that, but how can I "Import App Service Certificate" without having to download it first from the Key Vault? - Mason

1 Answer

1
votes

I am assuming you are looking for a way to upload and bind the certificate to your Azure web app without using the Azure portal (by PowerShell program).

You can simply use the CLI command below, as suggested by George Chen:

# Uploads the PFX certificate and captures its thumbprint.
thumbprint=$(az webapp config ssl upload --certificate-file "$pfxPath" \
    --certificate-password "$pfxPassword" --name "$webappname" --resource-group "$resourceGroup" \
    --query thumbprint --output tsv)

# Binds the uploaded SSL certificate to the web app.
az webapp config ssl bind --certificate-thumbprint "$thumbprint" --ssl-type SNI \
    --name "$webappname" --resource-group "$resourceGroup"

You can read about the command in detail in the doc below:

https://docs.microsoft.com/en-us/cli/azure/webapp/config/ssl?view=azure-cli-latest

Please be informed that the certificate file needs to be present at a physical location to achieve the result, as per the command option mentioned below:

**--certificate-file $pfxPath**

It takes the path of the file. So, to answer your question "But how can we do this through Azure CLI WITHOUT having to download/upload a .PFX file?": without downloading the cert file locally, it is not possible.

But you can simply use Azure CLI command to import it.

Hope it helps.
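
An added example, not part of the answer above or of Azure's documentation: a wrapper around the answer's two commands for callers that fetch the PFX from a secret store, keeping the file in a private temporary directory and deleting it as soon as the upload returns. The function name `upload_and_bind_pfx`, the `PFX_PASSWORD` variable and the `fetch_pfx` producer in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; upload_and_bind_pfx and PFX_PASSWORD are hypothetical names.
# Reads PFX bytes from stdin so the caller never keeps the file on disk:
#   fetch_pfx | PFX_PASSWORD=... upload_and_bind_pfx <webapp> <resource-group>
# The body runs in a subshell "( ... )" so its variables and traps stay local.
upload_and_bind_pfx() (
  webapp=$1
  rg=$2
  [ -n "$webapp" ] && [ -n "$rg" ] || { echo "usage: upload_and_bind_pfx <webapp> <resource-group>" >&2; exit 2; }
  [ -n "${PFX_PASSWORD:-}" ] || { echo "PFX_PASSWORD is not set" >&2; exit 2; }

  # mktemp -d creates a directory only the current user can enter (mode 0700).
  workdir=$(mktemp -d) || exit 1
  trap 'rm -rf "$workdir"' EXIT   # cleanup on every exit path from here on
  trap 'exit 1' INT TERM          # turn signals into an exit so cleanup runs

  umask 077                       # cert.pfx is created with mode 0600
  cat > "$workdir/cert.pfx"
  [ -s "$workdir/cert.pfx" ] || { echo "no PFX data on stdin" >&2; exit 1; }

  # Same upload command as in the answer, with every expansion quoted.
  thumbprint=$(az webapp config ssl upload \
      --certificate-file "$workdir/cert.pfx" \
      --certificate-password "$PFX_PASSWORD" \
      --name "$webapp" --resource-group "$rg" \
      --query thumbprint --output tsv) || exit 1

  # The private key is no longer needed locally: delete it before binding.
  rm -f "$workdir/cert.pfx"
  [ -n "$thumbprint" ] || { echo "upload returned no thumbprint" >&2; exit 1; }

  az webapp config ssl bind --certificate-thumbprint "$thumbprint" \
      --ssl-type SNI --name "$webapp" --resource-group "$rg" >/dev/null || exit 1

  printf '%s\n' "$thumbprint"
)
```

The password is still passed to `az` as a command-line argument, so it is visible in the local process list while the upload runs; run the wrapper on a host where other users cannot inspect your processes.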