Connect to SPO from Azure automation runbook using a certificate
Hi Gurdev Singh
Please see https://sharepains.com/2021/07/09/pnp-powershell-azure-automation-accounts/
- David Remillard | Dec 12, 2022 | Copper Contributor
Hi Gurdev,
I'm having the same issue. I can actually connect using a thumbprint when running from my laptop, but when running the same command with the same app reg and thumbprint in an Azure runbook, the connect fails and says it can't find a cert. Where did you end up storing the .pfx file so that you could reference it in your runbook? Azure Storage? Do you have an example of your PowerShell commands for the connection?
Thanks,
Dave
- Gurdev Singh | Dec 14, 2022 | Iron Contributor
I gave up on using a certificate for authentication when running a script from an Azure runbook. One thing that I found a bit promising was to store the exported certificate file (including the private key) in the runbook account, then in the runbook script save the certificate to the runbook's temporary storage and invoke Connect-PnPOnline (code below).
What I ultimately ended up doing was to use the legacy SharePoint App-Only principals.

```powershell
#
# Save authentication certificate to temp location
$certificate = Get-AutomationCertificate -Name "<certificate name>";
$credentials = Get-AutomationPSCredential -Name "<credentials i.e. the password for certificate file>";
$secureCertificatePassword = $credentials.Password;
$certificatePassword = $credentials.GetNetworkCredential().Password;
$certificatePath = "$env:TEMP\temp.pfx";
# 3 = X509ContentType.Pfx: exports the certificate with its private key as PFX bytes
$pfxCertificate = $certificate.Export(3, $certificatePassword);
if(Test-Path $certificatePath){
    Remove-Item -Path $certificatePath;
}
# -Encoding Byte is Windows PowerShell 5.1 syntax; PowerShell 6+ uses -AsByteStream instead
Set-Content -Value $pfxCertificate -Path $certificatePath -Encoding Byte;
#
# verify certificate
if(Test-Path $certificatePath){
    $pnpCert = Get-PnPAzureCertificate -CertificatePassword $secureCertificatePassword -CertificatePath $certificatePath;
    Write-Output "Saved certificate to $certificatePath, Thumbprint=$($pnpCert.Thumbprint)";
}
# Connect using the certificate
$url = "<site url>";
$tenantAdminUrl = "<SPO admin url>";
$clientId = "<app client ID>";
$tenantId = "<tenant ID>";
Write-Output "Connecting to $url with $clientId";
$connection = Connect-PnPOnline -ReturnConnection -Url $url -ClientId $clientId -Tenant $tenantId -CertificatePath $certificatePath -CertificatePassword $secureCertificatePassword -ValidateConnection;
```
- Hecklejk | Oct 24, 2024 | Copper Contributor
Had to make a small change to the code to get this to work.
Line 11 - The term "-Encoding Byte" no longer works; replacing it with -AsByteStream resolved the issues I was having with getting the certificate out into the $env:Temp location.
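
An added example, not code from any poster in this thread: a variant of the runbook snippet above that keeps the exported PFX in memory and passes it to Connect-PnPOnline as base64, so no private key is written to $env:TEMP and the -Encoding Byte / -AsByteStream difference never arises. The function name and its parameters are hypothetical; it assumes the certificate asset was uploaded as exportable and that the installed PnP.PowerShell version supports -CertificateBase64Encoded.

```powershell
# Added example. Function name and parameter names are hypothetical; pass your own asset names and IDs.
function Connect-SpoWithAutomationCertificate {
    param(
        [Parameter(Mandatory)] [string] $CertificateAssetName,    # Automation certificate asset
        [Parameter(Mandatory)] [string] $PasswordCredentialName,  # Automation credential holding the PFX password
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $TenantId
    )

    $certificate = Get-AutomationCertificate -Name $CertificateAssetName
    if (-not $certificate) {
        throw "Certificate asset '$CertificateAssetName' was not found in the Automation account."
    }
    if (-not $certificate.HasPrivateKey) {
        # A public-only .cer upload cannot sign the app-only token request.
        throw "Certificate asset '$CertificateAssetName' has no private key."
    }

    $credential = Get-AutomationPSCredential -Name $PasswordCredentialName
    $pfxBytes = $null
    try {
        # Export certificate + private key as password-protected PFX bytes, in memory only.
        $pfxBytes = $certificate.Export(
            [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx,
            $credential.GetNetworkCredential().Password)
        $pfxBase64 = [Convert]::ToBase64String($pfxBytes)

        # Emits the connection object, as -ReturnConnection does in the thread's snippet.
        Connect-PnPOnline -ReturnConnection -Url $Url -ClientId $ClientId -Tenant $TenantId `
            -CertificateBase64Encoded $pfxBase64 -CertificatePassword $credential.Password `
            -ValidateConnection
    }
    finally {
        # Best-effort wipe of the key material held in the byte array.
        if ($pfxBytes) { [Array]::Clear($pfxBytes, 0, $pfxBytes.Length) }
    }
}
```

If the temp-file route is kept instead, `[System.IO.File]::WriteAllBytes($certificatePath, $pfxCertificate)` writes the bytes the same way on Windows PowerShell 5.1 and PowerShell 7, and the file should be removed in a `finally` block once the connection is made.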