Friday, 17 April 2015

Create certificate for use with Azure PowerShell cmdlets

There are two ways to access your Azure subscription from PowerShell(PS). The first is to use Add-AzureAccount and subsequently be greeted with a login. The other way is to use Set-AzureSubscription and use certificates.

Below is the method of using certificates for more fluid scripts.

  1. Open visual studio command prompt as an administrator. This is located under your Visual Studio family of applications. 

  2. run this command (replacing <NameOfYourCert> with a name)
    makecert -sky exchange -r -n "CN=<NameOfYourCert>" -pe -a sha1 -len 2048 -ss My "<NameOfYourCert>.cer"
  3. Run certmr.msc by searching it on your start menu.
  4. Navigate to Personal -> Certificates and find your certificate. Right click your certificate and click 'Export...'
  5. Run through the wizard selecting all default options. Do not export your private key and save your certificate anywhere on your desktop
  6. Log into Azure go to Settings and Import your certificate

  7. Once uploaded you should see your management certificate appear and you will be able to run the PowerShell script below. You should be able to see the SubscriptionId and Thumbprint from the first screenshot from step 6.
    Set-AzureSubscription -SubscriptionId "<YourSubscriptionIdFromAzure>" -Certificate (Get-Item "Cert:\CurrentUser\my\$<YourCertificateThumbprint>") 


  1. The location of makecert for Visual Studio 2013: C:\Program Files (x86)\Windows Kits\8.1\bin\x64

  2. oh b.t.w. thanks Raph.. helped me out big time :)