andersosthus · February 9, 2016 15:23 · Feb 9, 2016
diff --git a/ApplicationManifest.xml b/ApplicationManifest.xml
@@ -0,0 +1,13 @@
+<ApplicationManifest>
+  ...
+  <ServiceManifestImport>
+      <ServiceManifestRef ServiceManifestName="SERVICENAME" ServiceManifestVersion="1.0.0" />
+      <Policies>
+        <EndpointBindingPolicy CertificateRef="MyCertificateName" EndpointRef="ServiceEndpoint" />
+      </Policies>
+  </ServiceManifestImport>
+  ...
+  <Certificates>
+    <EndpointCertificate Name="MyCertificateName" X509FindValue="CERT_THUMBPRINT"/>
+  </Certificates>
+</ApplicationManifest>
diff --git a/ServiceManifest.xml b/ServiceManifest.xml
@@ -0,0 +1,8 @@
+<ServiceManifest>
+  ...
+  <Resources>
+    <Endpoints>
+      <Endpoint Name="ServiceEndpoint" Type="Input" Protocol="https" Port="443" CertificateRef="MyCertificateName" />
+    </Endpoints>
+  </Resources>
+</ServiceManifest>
diff --git a/installCertOnVm.ps1 b/installCertOnVm.ps1
@@ -0,0 +1,46 @@
+# Upload certificate to VMs.
+
+Param
+(
+    [Parameter(Mandatory = $true)]
+    [string]
+    $SourceVault,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $ResourceGroup,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $CertificateUrl,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $VMPrefix,
+
+    [Parameter(Mandatory = $true)]
+    [int]
+    $VMCount
+)
+
+$CertStore = "My"
+
+for($i = 0; $i -lt $VMCount; $i++) {
+    $VMName = "$VMPrefix$i"
+    Write-Information "Getting VM info for VM $VMName"
+
+    $VM = Get-AzureRmVM -ResourceGroupName $ResourceGroup -Name $VMName
+    $VM = Add-AzureRmVMSecret -VM $VM -SourceVaultId $SourceVault -CertificateStore $CertStore -CertificateUrl $CertificateUrl
+
+    Write-Information "Updating VM $VMName"
+
+    try
+    {
+        Update-AzureRmVM -ResourceGroupName $ResourceGroup -VM $VM
+    }
+    Catch
+    {
+        $ExceptionMessage = $_.Exception.Message
+        Write-Warning $ExceptionMessage
+    }
+}
diff --git a/uploadCertToKeyVault.ps1 b/uploadCertToKeyVault.ps1
@@ -0,0 +1,58 @@
+# Before execution make sure to have logged in to Azure (Login-AzureRmAccount)
+# and selected the correct subscription (Select-AzureRmSubscription)
+
+Param
+(
+    [Parameter(Mandatory = $true)]
+    [string]
+    $CertificateName,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $PfxFile,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $VaultName
+)
+
+$resourceId = $null
+try
+{
+    $existingKeyVault = Get-AzureRmKeyVault -VaultName $VaultName
+    $resourceId = $existingKeyVault.ResourceId
+
+    Write-Host "Using existing valut $VaultName in $($existingKeyVault.Location)"
+}
+catch
+{
+    throw "Unable to find KeyVault named $VaultName"
+}
+
+$securePass = Read-Host 'Password: ' -AsSecureString
+$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePass))
+
+$PfxPath = Resolve-Path $PfxFile
+
+$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxPath, $password
+$bytes = [System.IO.File]::ReadAllBytes($PfxPath)
+$base64 = [System.Convert]::ToBase64String($bytes)
+$jsonBlob = @{
+   data = $base64
+   dataType = 'pfx'
+   password = $password
+   } | ConvertTo-Json
+
+$contentbytes = [System.Text.Encoding]::UTF8.GetBytes($jsonBlob)
+$content = [System.Convert]::ToBase64String($contentbytes)
+$secretValue = ConvertTo-SecureString -String $content -AsPlainText -Force
+
+Write-Host "Writing secret to $CertificateName in vault $VaultName"
+$secret = Set-AzureKeyVaultSecret -VaultName $VaultName -Name $CertificateName -SecretValue $secretValue
+
+$output = @{};
+$output.SourceVault = $resourceId;
+$output.CertificateURL = $secret.Id;
+$output.CertificateThumbprint = $cert.Thumbprint;
+
+return $output;
No results found