How To Create a Self Signed Certificate in Azure using Cloud Shell
Published Apr 30 2019 01:11 AM
Microsoft

Often we need self-signed certificates when spinning up test apps or other workloads in Azure. Rather than mucking about with makecert.exe and uploading the relevant certificate files to Azure, or configuring a temporary certificate from a CA that you are running, you can easily use Cloud Shell to create your own self-signed certificate using the openssl command line utility.

 

In the following example you create a self-signed X.509 certificate called selfsigncert.crt and then export it as a file in PFX format. To do this, perform the following steps:

 

  1. Open Cloud Shell.
  2. Enter the following command into Cloud Shell to create a self-signed certificate:
     openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out selfsigncert.crt
  3. Provide the following information when prompted:
     • Country Name (2 letter code) []:
     • State or Province Name (full name) [Some-State]:
     • Locality Name (eg, city) []:
     • Organization Name (eg, company) [Internet Widgits Pty Ltd]:
     • Organizational Unit Name (eg, section) []:
     • Common Name (e.g. server FQDN or YOUR name) []:
  4. Export the certificate by running the following command in Cloud Shell:
     openssl pkcs12 -export -out selfsigncert.pfx -inkey privateKey.key -in selfsigncert.crt
  5. Provide a password for the certificate.
  6. Once you have the certificate files, copy them across to your clouddrive to ensure that the certificate files persist after you finish your Cloud Shell session. As clouddrive can be mounted as a file share, this allows you to import the certificate into running IaaS VMs should you so choose.
  7. You can copy the certificate files to the clouddrive with the following command:
     cp * ./clouddrive/.
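
The steps above as a non-interactive script, added here as an example and not part of the original post: it creates the certificate and PFX, checks that the key, certificate and PFX belong together, and copies the PFX and certificate to the share by name. The function names, the PFX_PASS environment variable and the CN-only subject are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: PFX_PASS,
# the function names, and the CN-only subject passed to -subj.
set -eu

same() { [ -n "$1" ] && [ "$1" = "$2" ]; }   # both values present and equal

# Create the key and certificate, then export the PFX, without prompts.
make_cert() {   # usage: make_cert <dir> <common-name>  (export PFX_PASS first)
  ( cd "$1" || exit 1
    umask 077   # -nodes writes privateKey.key unencrypted: keep it owner-only
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
      -subj "/CN=$2" -keyout privateKey.key -out selfsigncert.crt
    # env: keeps the password off the command line and out of the process list
    openssl pkcs12 -export -out selfsigncert.pfx -inkey privateKey.key \
      -in selfsigncert.crt -passout env:PFX_PASS )
}

# Confirm the three files belong together before importing the PFX anywhere.
check_cert() {  # usage: check_cert <dir>
  ( cd "$1" || exit 1
    # 1. Self-signed: subject and issuer are identical.
    s=$(openssl x509 -in selfsigncert.crt -noout -subject | sed 's/^subject=//')
    i=$(openssl x509 -in selfsigncert.crt -noout -issuer | sed 's/^issuer=//')
    same "$s" "$i" || { echo "not self-signed" >&2; exit 1; }
    # 2. The private key matches the public key in the certificate.
    k=$(openssl pkey -in privateKey.key -pubout) || k=
    c=$(openssl x509 -in selfsigncert.crt -noout -pubkey) || c=
    same "$k" "$c" || { echo "key does not match certificate" >&2; exit 1; }
    # 3. The PFX opens with PFX_PASS and carries the same certificate.
    a=$(openssl x509 -in selfsigncert.crt -noout -fingerprint -sha256) || a=
    b=$(openssl pkcs12 -in selfsigncert.pfx -passin env:PFX_PASS -nokeys |
        openssl x509 -noout -fingerprint -sha256) || b=
    same "$a" "$b" || { echo "PFX unreadable or wrong certificate" >&2; exit 1; } )
}

# Copy by name rather than `cp *`, and fail early if the share directory is
# missing. The unencrypted key stays behind; the PFX already contains it.
persist() {     # usage: persist <dir> <clouddrive-path>
  [ -d "$2" ] || { echo "$2 is not a directory" >&2; return 1; }
  cp "$1/selfsigncert.pfx" "$1/selfsigncert.crt" "$2/"
}

# Runs only when called as: PFX_PASS=... sh thisfile.sh <common-name> <clouddrive-path>
if [ $# -eq 2 ]; then
  make_cert . "$1"
  check_cert .
  persist . "$2"
fi
```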

 

10 Comments
Brass Contributor

And if you are a powershell person you'd start a powershell shell then do new-selfsignedcertificate!

 

https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps

Copper Contributor

@Tony Roth unfortunately new-selfsignedcertificate doesn't seem to be available on Cloud Shell...

Microsoft

@thomaslevesque If you have powershell loaded in Cloud Shell (pwsh) and run the following to import the PSPKI module from the Azure Gallery

 

PS Azure:\> install-module -name pspki

you then get access to new-selfsignedcertificateex

 


 

Copper Contributor

@OrinThomas  thanks! I had tried to install "PKI" or "PKIClient" but couldn't find the right module name

Copper Contributor

Unfortunately new-selfsignedcertificateex doesn't seem to work... it says "Windows XP and Windows Server 2003 are not supported!"

Microsoft

Ah - it used to work on the old PowerShell  cloudshell. I imagine it might be a compat issue that will eventually be resolved, but I guess at the moment it doesn't work. 

Brass Contributor

Yes it did use to work in the old powershell, oh well not like it's something I use every day, was confused about the extra "Ex" at the end of the cmdlet too.

Copper Contributor

Has anyone tried certbot in Azure Cloud Shell?

Copper Contributor

Hi @OrinThomas @Tony Roth @Guy Derenoncourt II @thomaslevesque 

 

Could you please help me below?

 

Issue: I have run the openssl command for self signed certificate in CLOUDSHELL. But unable to download file with pfx format in CLOUDSHELL

 

Need assistance on file share - self signed certificate creation - file download from cloud shell - No such directory found

----------


I have run the following command to export certificate with .pfx and not able to download it

Can you please help me with it?

 

How to download pfx certificate in cloudshell?


Storage account name: https://deletemlworksp.file.core.windows.net/azurefiletestcloudshelldelete/.cloudconsole

command:

------

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out selfsigncertwithpwd01.crt

openssl pkcs12 -export -out selfsigncert.pfx -inkey privateKey.key -in selfsigncertwithpwd01.crt

 

 

output

---

PS /home/user1> cp * ./cloudrive/.
/usr/bin/cp: target './cloudrive/.' is not a directory
PS /home/user1> cp * ./user1
/usr/bin/cp: target './user1' is not a directory
PS /home/user1> cp * ./cloudconsole
/usr/bin/cp: target './cloudconsole' is not a directory
PS /home/user1> cp * ./cloudconsole/.
/usr/bin/cp: target './cloudconsole/.' is not a directory
PS /home/user1> cp * https://deletemlworksp.file.core.windows.net/azurefiletestcloudshelldelete/.cloudconsole
/usr/bin/cp: target 'https://deletemlworksp.file.core.windows.net/azurefiletestcloudshelldelete/.cloudconsole' is not a directory
PS /home/user1>

Copper Contributor

@Balaji G There is a typo in the original post.  

cp * ./cloudrive/.

 

Should read:

 

cp * ./clouddrive/.

 

Last update: Apr 30 2019 04:59 AM