Home
%3CLINGO-SUB%20id%3D%22lingo-sub-401403%22%20slang%3D%22en-US%22%3EHow%20To%20Create%20a%20Self%20Signed%20Certificate%20in%20Azure%20using%20Cloud%20Shell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-401403%22%20slang%3D%22en-US%22%3E%3CP%3EOften%20we%20need%20self%20signed%20certificates%20when%20spinning%20up%20test%20apps%20or%20other%20workload%20in%20Azure.%20Rather%20than%20mucking%20about%20with%20makecert.exe%20and%20uploading%20the%20relevant%20certificate%20files%20to%20Azure%20or%20configuring%20a%20temporary%20certificate%20from%20a%20CA%20that%20you%20are%20running%2C%20you%20can%20easily%20use%20Cloud%20Shell%20to%20create%20your%20own%20self%20signed%20certificate%20using%20the%20openssl%20command%20line%20utility.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20the%20following%20example%20you%20create%20a%20self%20signed%20x509%20certificate%20called%20selfsigncert.crt%20and%20then%20export%20it%20as%20a%20file%20in%20pfx%20format.%20To%20do%20this%2C%20perform%20the%20following%20steps%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EOpen%20Cloud%20Shell%3C%2FLI%3E%0A%3CLI%3EEnter%20the%20following%20code%20into%20Cloud%20Shell%20to%20create%20a%20self%20signed%20certificate%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CPRE%3Eopenssl%20req%20-x509%20-sha256%20-nodes%20-days%20365%20-newkey%20rsa%3A2048%20-keyout%20privateKey.key%20-out%20selfsigncert.crt%3C%2FPRE%3E%0A%3COL%20start%3D%223%22%3E%0A%3CLI%3EProvide%20the%20following%20information%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CUL%3E%0A%3CLI%3ECountry%20Name%20(2%20letter%20code)%20%5B%5D%3A%3C%2FLI%3E%0A%3CLI%3EState%20or%20Province%20Name%20(full%20name)%20%5BSome-State%5D%3A%3C%2FLI%3E%0A%3CLI%3ELocality%20Name%20(eg%2C%20city)%20%5B%5D%3A%3C%2FLI%3E%0A%3CLI%3EOrganization%20Name%20(eg%2C%20company)%20%5BInternet%20Widgits%20Pty%20Ltd%5D%3A%3C%2FLI%3E%0A%3CLI%3EOrganizational%20Unit%20Name%20(eg%2C%20section)%20%5B%5D%3A%3C%2FLI%3E%0A%3CLI%3ECommon%20Name%20(e.g.%20server%20FQDN%20or%20YOUR%20name)%20%5B%5D%3A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3COL%20start%3D%224%22%3E%0A%3CLI%3EExport%20the%20certificate%20by%20running%20the%20following%20command%20in%20Cloud%20Shell%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CPRE%3Eopenssl%20pkcs12%20-export%20-out%20selfsigncert.pfx%20-inkey%20privateKey.key%20-in%20selfsigncert.crt%3C%2FPRE%3E%0A%3COL%20start%3D%225%22%3E%0A%3CLI%3EProvide%20a%20password%20for%20the%20certificate.%3C%2FLI%3E%0A%3CLI%3EOnce%20you%20have%20the%20certificate%20files%2C%20copy%20them%20across%20to%20your%20clouddrive%20to%20ensure%20that%20the%20certificate%20files%20persist%20after%20you%20finish%20your%20cloud%20shell%20session.%20As%20clouddrive%20can%20be%20mounted%20as%20a%20file%20share%2C%20this%20allows%20you%20to%20import%20the%20certificate%20into%20running%20IaaS%20VMs%20should%20you%20so%20choose.%3C%2FLI%3E%0A%3CLI%3EYou%20can%20copy%20the%20certificate%20files%20to%20the%20cloud%20drive%20with%20the%20following%20command%3A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CPRE%3Ecp%20*%20.%2Fcloudrive%2F.%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-401403%22%20slang%3D%22en-US%22%3E%3CP%3EOften%20we%20need%20self%20signed%20certificates%20when%20spinning%20up%20test%20apps%20or%20other%20workload%20in%20Azure.%20Rather%20than%20mucking%20about%20with%20makecert.exe%20and%20uploading%20the%20relevant%20certificate%20files%20to%20Azure%20or%20configuring%20a%20temporary%20certificate%20from%20a%20CA%20that%20you%20are%20running%2C%20you%20can%20easily%20use%20Cloud%20Shell%20to%20create%20your%20own%20self%20signed%20certificate%20using%20the%20openssl%20command%20line%20utility.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20900px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F111104i79D7AF772C475768%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Azure_Cloud_Shell.png%22%20title%3D%22Azure_Cloud_Shell.png%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EAzure%20Cloud%20Shell%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-401403%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-504267%22%20slang%3D%22en-US%22%3ERe%3A%20How%20To%20Create%20a%20Self%20Signed%20Certificate%20in%20Azure%20using%20Cloud%20Shell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-504267%22%20slang%3D%22en-US%22%3E%3CP%3EAnd%20if%20you%20are%20a%20powershell%20person%20you'd%20start%20a%20powershell%20shell%20then%20do%20new-selfsignedcertificate!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fpkiclient%2Fnew-selfsignedcertificate%3Fview%3Dwin10-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fpkiclient%2Fnew-selfsignedcertificate%3Fview%3Dwin10-ps%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Often we need self signed certificates when spinning up test apps or other workload in Azure. Rather than mucking about with makecert.exe and uploading the relevant certificate files to Azure or configuring a temporary certificate from a CA that you are running, you can easily use Cloud Shell to create your own self signed certificate using the openssl command line utility.

 

In the following example you create a self signed x509 certificate called selfsigncert.crt and then export it as a file in pfx format. To do this, perform the following steps:

 

  1. Open Cloud Shell
  2. Enter the following code into Cloud Shell to create a self signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out selfsigncert.crt
  1. Provide the following information
  • Country Name (2 letter code) []:
  • State or Province Name (full name) [Some-State]:
  • Locality Name (eg, city) []:
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]:
  • Organizational Unit Name (eg, section) []:
  • Common Name (e.g. server FQDN or YOUR name) []:
  1. Export the certificate by running the following command in Cloud Shell
openssl pkcs12 -export -out selfsigncert.pfx -inkey privateKey.key -in selfsigncert.crt
  1. Provide a password for the certificate.
  2. Once you have the certificate files, copy them across to your clouddrive to ensure that the certificate files persist after you finish your cloud shell session. As clouddrive can be mounted as a file share, this allows you to import the certificate into running IaaS VMs should you so choose.
  3. You can copy the certificate files to the cloud drive with the following command:
cp * ./cloudrive/.

 

1 Comment
Occasional Contributor

And if you are a powershell person you'd start a powershell shell then do new-selfsignedcertificate!

 

https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps