In this article we will create an ARM template that will deploy a web certificate to an Azure resource group and output the certificate thumbprint.

Adding an SSL certificate to an app with Azure App Service can be achieved via the Azure portal. In an App Service, select SSL certificates, then Upload Certificate, to upload a PFX certificate file together with its password. The certificate is then added to the resource group and is available to create a binding with the application.

In today's article we will discover how to manage this operation via an Azure Resource Manager template. Our ARM template will be created in a new Azure Resource Group deployment project in Visual Studio.

 

Creation

Let's declare the parameters of the ARM template:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "certificatePrefixName": {
      "type": "string"
    },
    "certificatePfxBase64": {
      "type": "securestring"
    },
    "certificatePfxPassword": {
      "type": "securestring"
    }
  }
  ...
}

 

Now we will declare the resources of the ARM template:

{
  ...
  "variables": {
    "certificateName": "[concat(parameters('certificatePrefixName'), uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "apiVersion": "2015-08-01",
      "name": "[variables('certificateName')]",
      "type": "Microsoft.Web/certificates",
      "location": "[resourceGroup().location]",
      "properties": {
        "pfxBlob": "[parameters('certificatePfxBase64')]",
        "password": "[parameters('certificatePfxPassword')]"
      },
      "tags": {
        "displayName": "Certificate"
      }
    }
  ]
  ...
}

We can pay attention to two things here:

 

And to finish we will output the certificate thumbprint:

{
  ...
  "outputs": {
    "certificateThumbprint": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName')), providers('Microsoft.Web', 'certificates').apiVersions[0]).thumbprint]"
    }
  }
}

As you may have noticed, we take advantage of the ARM template function providers. This function is useful for getting the latest API version for a specific namespace.

 

Example of use

The ARM template is now ready. Let's open a Windows PowerShell console and try it:

.\Deploy-AzureResourceGroup.ps1 -ResourceGroupName 'MyResourceGroupName' -ResourceGroupLocation 'canadaeast' -TemplateFile '.\azuredeploy.json'

...

OutputsString      :
                     Name                   Type                       Value
                     ===============        =========================  ==========
                     certificateThumbprint  String                     22XXBE10XXE5D2DBAD29DXXXX75510583XXXXXE2

If everything goes well, you should see the same kind of output as above.
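
A check to run next to the deployment, as an added example that is not part of the original article: it opens the same PFX locally, confirms it carries a private key and has not expired, and compares its thumbprint with the certificateThumbprint output. The script and its parameter names (PfxFilePath, PfxPassword, DeployedThumbprint) are assumptions, and it needs PowerShell 5.0 or later.

```powershell
# Added example, not the article's code. Parameter names are hypothetical.
Param(
    [Parameter(Mandatory = $true)] [string] $PfxFilePath,
    [Parameter(Mandatory = $true)] [securestring] $PfxPassword,
    # Value of the certificateThumbprint output; leave empty to only inspect the PFX.
    [string] $DeployedThumbprint
)

$pfxPath  = (Resolve-Path -LiteralPath $PfxFilePath).ProviderPath
$pfxBytes = [System.IO.File]::ReadAllBytes($pfxPath)

# Opening the PFX throws on a wrong password, before anything is sent to Azure.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxBytes, $PfxPassword)
try {
    # A certificate without its private key cannot serve TLS for the app.
    if (-not $cert.HasPrivateKey) {
        throw "PFX '$pfxPath' contains no private key."
    }
    if ($cert.NotAfter -le (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter.ToString('u'))."
    }

    # Normalise a value pasted from the console: strip whitespace, upper-case.
    $deployed = ($DeployedThumbprint -replace '\s', '').ToUpperInvariant()

    $result = [pscustomobject]@{
        Subject            = $cert.Subject
        NotAfter           = $cert.NotAfter
        LocalThumbprint    = $cert.Thumbprint
        DeployedThumbprint = $deployed
        # $null means "not compared" (no deployed thumbprint was supplied).
        Match              = if ($deployed) { $deployed -eq $cert.Thumbprint } else { $null }
    }

    # A mismatch means the resource group holds a different certificate
    # than the file you intended to deploy.
    if ($deployed -and -not $result.Match) {
        Write-Error "Deployed thumbprint does not match the local PFX."
    }
    $result
}
finally {
    # Release the key material loaded from the PFX.
    $cert.Reset()
}
```

Passing the password as a SecureString (for example from Read-Host -AsSecureString) keeps it out of the command history.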

 

To go further

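In the template you need the certificate PFX file bytes converted to a Base64 string. Here is a simple PowerShell script that takes the file path of a PFX file and writes it as a Base64 string to a file. The resulting file holds the whole PFX, private key included, so handle it like the PFX itself and delete it once the deployment is done:

Param([Parameter(Mandatory = $true)] [string] $pfxFilePath)

# Read the raw PFX bytes (works in both Windows PowerShell and PowerShell 7,
# where Get-Content -Encoding Byte is no longer available)
$pfxFileBytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $pfxFilePath).ProviderPath)

# Write the Base64 string to a file in the current directory
[System.Convert]::ToBase64String($pfxFileBytes) | Out-File 'PfxFileBytes-Base64.txt' -Encoding ascii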

 

 

Summary

We have seen how to create an ARM template that will deploy a web certificate to an Azure resource group and output the certificate thumbprint.

 

You can download the example solution here:

Download full sources

Or

Browse the GitHub repository

 

Please feel free to comment or contact me if you have any questions about this article.
