Deploying certificates with Windows Azure Virtual Machines and PowerShell

A common question around using the Windows Azure PowerShell cmdlets is how to deploy certificates with VMs? In this post I’ve put together two samples on how to do this on Windows and Linux VMs.

Windows VM Example

Select-AzureSubscription mysub 
 
$service = 'yourservicename1'
$location = 'West US'
 
## Cloud Service must already exist 
New-AzureService -ServiceName $service -Location $location
 
## Add Certificate to the store on the cloud service (.cer or .pfx with -Password)
Add-AzureCertificate -CertToDeploy 'D:User-DatadevelopmentAzure Samplesmlwdevcert.cer' -ServiceName $service
 
## Create a certificate setting for deploying the VM 'My' is the only supported store (goes into computer account)
$cert1 = New-AzureCertificateSetting -Thumbprint D7BECD4D63EBAF86023BB4F1A5FBF5C2C924902A -StoreName 'My'
 
## Create the VM passing the certificate setting in the provisioning config 
New-AzureVMConfig -ImageName 'MSFT__Windows-Server-2012-Datacenter-201208.01-en.us-30GB.vhd' -InstanceSize 'Small' -Name 'win2012cert' |
      Add-AzureProvisioningConfig -Windows -Password 'somepass@1' -Certificates $cert1 |
      New-AzureVM -ServiceName $service

Linux VM Example

Select-AzureSubscription mysub 
 
$service = 'yourservicename1'
$location = 'West US'
 
## Cloud Service must already exist 
New-AzureService -ServiceName $service -Location $location
 
## Add Certificate to the store on the cloud service (.cer or .pfx with -Password)
Add-AzureCertificate -CertToDeploy 'D:User-DatadevelopmentAzure Samplesmlwdevcert.cer' -ServiceName $service
 
## Create a certificate in the users home directory
$sshkey = New-AzureSSHKey -PublicKey -Fingerprint D7BECD4D63EBAF86023BB4F1A5FBF5C2C924902A -Path '/home/mwasham/.ssh/authorized_keys'
 
New-AzureVMConfig -ImageName 'CANONICAL__Canonical-Ubuntu-12-04-amd64-server-20120528.1.3-en-us-30GB.vhd' -InstanceSize 'Small' -Name 'linuxwithcert' |
	Add-AzureProvisioningConfig -Linux -LinuxUser 'mwasham' -Password 'somepass@1' -SSHPublicKeys $sshKey |
	New-AzureVM -ServiceName $service

Note: The -Certificates and -SSHPublicKeys parameters are arrays so they can accept multiple certificates.
-SSHPublicKeys $sshKey1,$sshKey2

For Linux there is also the -SSHKeyPairs parameter for passing a key pair instead of just the public key. -Certificates can handle both types on Windows.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>