An SSL certificate can be added to an app in Azure App Service via the Azure portal. In an App Service, select SSL certificates and then Upload Certificate to upload a PFX certificate file together with its certificate password. The certificate is then added to the resource group and becomes available to create a binding with the application.
In today's article we will discover how to manage this operation via an Azure Resource Manager template. Our ARM template will be created in a new Azure Resource Group deployment project in Visual Studio.
Creation
Let's declare the parameters of the ARM template:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "certificatePrefixName": {
      "type": "string"
    },
    "certificatePfxBase64": {
      "type": "securestring"
    },
    "certificatePfxPassword": {
      "type": "securestring"
    }
  }
  ...
}
Now we will declare the resources of the ARM template:
{
  ...
  "variables": {
    "certificateName": "[concat(parameters('certificatePrefixName'), uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "apiVersion": "2015-08-01",
      "name": "[variables('certificateName')]",
      "type": "Microsoft.Web/certificates",
      "location": "[resourceGroup().location]",
      "properties": {
        "pfxBlob": "[parameters('certificatePfxBase64')]",
        "password": "[parameters('certificatePfxPassword')]"
      },
      "tags": {
        "displayName": "Certificate"
      }
    }
  ]
  ...
}
We can pay attention to two things here:
Finally, we output the certificate thumbprint:
{
  ...
  "outputs": {
    "certificateThumbprint": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName')), providers('Microsoft.Web', 'certificates').apiVersions[0]).thumbprint]"
    }
  }
}
As you may have noticed, we take advantage of the ARM template function providers. This function is useful to get the latest API version for a specific namespace.
Example of use
The ARM template is now ready. Let's open a Windows PowerShell session and try it:
.\Deploy-AzureResourceGroup.ps1 -ResourceGroupName 'MyResourceGroupName' -ResourceGroupLocation 'canadaeast' -TemplateFile '.\azuredeploy.json'
...
OutputsString :
Name Type Value
=============== ========================= ==========
certificateThumbprint String 22XXBE10XXE5D2DBAD29DXXXX75510583XXXXXE2
If everything goes well, you should see the same kind of output as above.
To go further
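The template needs the bytes of the certificate PFX file converted to a Base64 string. Here is a simple PowerShell script that takes the file path of a PFX file and writes its content as a Base64 string to a file:
Param([string] $pfxFilePath)

# Read the PFX file as raw bytes (-Encoding Byte is Windows PowerShell syntax)
$pfxFileBytes = Get-Content $pfxFilePath -Encoding Byte
# The output is the whole PFX (private key included, still password-protected); delete the file after use
[System.Convert]::ToBase64String($pfxFileBytes) | Out-File 'PfxFileBytes-Base64.txt'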
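As an added example (not part of the original article or its repository), here is a variant of the script above that keeps the Base64 text in memory as a SecureString instead of writing it to disk, and checks the PFX locally so its thumbprint can be compared with the certificateThumbprint output of the deployment. It assumes Windows PowerShell 5.1; the parameter names and the properties of the returned object are illustrative.

```powershell
# Added example, not the article's code. Assumes Windows PowerShell 5.1.
# Parameter names and returned property names are illustrative.
Param(
    [Parameter(Mandatory = $true)] [string] $PfxFilePath,
    [Parameter(Mandatory = $true)] [securestring] $PfxPassword,
    # Optional: the certificateThumbprint value printed by the deployment.
    [string] $DeployedThumbprint
)

$ErrorActionPreference = 'Stop'
$path = (Resolve-Path -LiteralPath $PfxFilePath).ProviderPath
$pfxBytes = [System.IO.File]::ReadAllBytes($path)

# Opening the PFX locally fails fast on a wrong password, before anything is deployed.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxBytes, $PfxPassword, $flags)

try {
    if (-not $cert.HasPrivateKey) { throw "PFX at '$path' contains no private key." }
    if ($cert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    # The Base64 text goes straight into a SecureString; nothing is written to disk.
    $base64 = [System.Convert]::ToBase64String($pfxBytes)
    $pfxBase64 = ConvertTo-SecureString -String $base64 -AsPlainText -Force

    $result = [pscustomobject]@{
        Thumbprint           = $cert.Thumbprint
        NotAfter             = $cert.NotAfter
        CertificatePfxBase64 = $pfxBase64   # value for the certificatePfxBase64 parameter
        MatchesDeployment    = $null        # stays $null when no thumbprint was supplied
    }
    if ($DeployedThumbprint) {
        # Thumbprints are hex strings; ignore whitespace and letter case.
        $normalized = ($DeployedThumbprint -replace '\s', '').ToUpperInvariant()
        $result.MatchesDeployment = ($normalized -eq $cert.Thumbprint)
    }
    $result
}
finally {
    $cert.Reset()                                    # release the certificate and its key handle
    [Array]::Clear($pfxBytes, 0, $pfxBytes.Length)   # zero the raw PFX bytes
}
```

A MatchesDeployment value of False means the certificate resource in the resource group was not created from this PFX file.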
Summary
We have seen how to create an ARM template that will deploy a web certificate to an Azure resource group and output the certificate thumbprint.
You can download the example solution here:
Or
Browse the GitHub repository
Please feel free to comment or contact me if you have any questions about this article.
Very succinct and super helpful.
I just ran into the need to do exactly this and this article proved super useful, even six years later.
Cheers!