I've created an Automation account with a RunAs account from Azure Portal. A certificate was automatically generated. I want to create a PFX file from this certificate using the openssl utility.
I can do it using PowerShell Core 7.1.0-rc.2 with these steps and code:
- Azure Portal > Azure Active Directory > App registrations > Automation account's service principal
- Select Manifest from left-side menu, scroll down in JSON to "keyCredentials" section
- Copy the entire string for the "value" property to a variable in PowerShell:
$base64value = "<contents of the value property here>" - PowerShell code to create a PFX file:
# Create a X509 certificate object
$byteArray = [System.Convert]::FromBase64String($base64value)
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($byteArray)
# Export the certificate as a PFX file
$bytesPfx = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx)
[System.IO.File]::WriteAllBytes('filename.pfx', $bytesPfx)
What I'm trying to figure out is how to do that same process using the openssl utility, given that base64 string value from the JSON manifest of the Automation account. Since I am able to convert that base64 string to a byte array and then into a X509 certificate using the .NET class's constructor, I would imagine I'd need to use openssl x509, but I can't find any option that takes a base64 string or a binary argument or file.
filename.pfxcontains both the public and the private key thenbyteArrayalready represents a PFX. So you should be able to just base64-decode the blob and save it as a PFX directly. – bartonjs