For Web Apps, there are two kinds of SSL/TLS certificates: private certificates and public certificates.
Some users have a lot of web apps and certificates that need to be managed, so I've been asked many times how to get both private and public certificates in bulk. In this blog I will show how to get the private certificates and the public certificates of the Web Apps under a subscription.
For private certificates, there is an existing feature and an API for getting all of them under a subscription in bulk. The following shows how to use Azure Resource Graph Explorer and the Azure REST API to get them:
Option 1: Use Azure Resource Graph Explorer
In the Azure portal -> go to the "Resource Graph Explorer" service -> search for the "microsoft.web/certificates" resource type -> in the Kusto query, filter on the subscriptionId and pick the fields you need.
An example Kusto query is shown below:
resources
| where type == "microsoft.web/certificates"
| where subscriptionId == "xxxx"
| project name, resourceGroup, properties
Note:
Option 2: Use List Certificates REST API
You can also use the List Certificates REST API to get the private certificates in bulk.
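As an added example (not part of the original post), the List Certificates call can be wrapped so that it follows nextLink paging and reports the private certificates that are close to expiry, which goes one step beyond plain listing. It assumes the certificate resource exposes properties.thumbprint, properties.subjectName and properties.expirationDate; the function names and the sample data are constructed for illustration.

```powershell
# Added example, not from the original post. "xxxx" placeholders follow the post's convention.
function Get-ArmList {                     # hypothetical helper name
    param([string]$Url, [hashtable]$Headers)
    # ARM list calls return items in 'value' and a 'nextLink' URL while more pages remain.
    $items = @()
    while ($Url) {
        $page = Invoke-RestMethod -Uri $Url -Method Get -Headers $Headers
        $items += $page.value
        $Url = $page.nextLink              # $null on the last page, which ends the loop
    }
    return $items
}

function Select-ExpiringCertificate {      # hypothetical helper name
    param([object[]]$Certificates, [int]$Days = 30, [datetime]$Now = (Get-Date))
    $cutoff = $Now.AddDays($Days)
    $Certificates |
        Where-Object { [datetime]$_.properties.expirationDate -le $cutoff } |
        Sort-Object { [datetime]$_.properties.expirationDate } |
        ForEach-Object {
            [pscustomobject]@{
                Name          = $_.name
                ResourceGroup = $_.id.Split("/")[4]   # same id layout the post relies on
                Subject       = $_.properties.subjectName
                Thumbprint    = $_.properties.thumbprint
                Expires       = [datetime]$_.properties.expirationDate
            }
        }
}

# Constructed sample shaped like a List Certificates response, for trying the filter offline.
$sample = @'
{ "value": [
  { "id": "/subscriptions/xxxx/resourceGroups/rg-demo/providers/Microsoft.Web/certificates/cert-a",
    "name": "cert-a",
    "properties": { "subjectName": "a.example.com", "thumbprint": "CONSTRUCTED-THUMBPRINT-A",
                    "expirationDate": "2024-01-10T00:00:00Z" } },
  { "id": "/subscriptions/xxxx/resourceGroups/rg-demo/providers/Microsoft.Web/certificates/cert-b",
    "name": "cert-b",
    "properties": { "subjectName": "b.example.com", "thumbprint": "CONSTRUCTED-THUMBPRINT-B",
                    "expirationDate": "2025-06-01T00:00:00Z" } }
] }
'@ | ConvertFrom-Json
Select-ExpiringCertificate -Certificates $sample.value -Days 30 -Now ([datetime]"2024-01-01")

# Live use against a subscription:
# $headers = @{ Authorization = "Bearer xxxx" }
# $certs = Get-ArmList -Url "https://management.azure.com/subscriptions/xxxx/providers/Microsoft.Web/certificates?api-version=2021-02-01" -Headers $headers
# Select-ExpiringCertificate -Certificates $certs -Days 30
```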
There is no feature or API that lists all the public certificates in bulk. The Get Public Certificate REST API can only get the public certificates for one web app at a time. So the idea for getting web apps' public certificates in bulk is as follows:
An example PowerShell script that achieves this is shown below:
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
#replace your own bearer token here
$headers.Add("Authorization", "Bearer xxxx")
#replace your own subscription here
$subscription="xxxx"
$url1="https://management.azure.com/subscriptions/$($subscription)/providers/Microsoft.Web/sites?api-version=2021-02-01"
#get web app list under the subscription (Invoke-RestMethod already parses the JSON response into objects)
$response = Invoke-RestMethod $url1 -Method 'GET' -Headers $headers
#loop the web apps list
foreach ($line in $response.value) {
    #resource id layout: /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Web/sites/<name>
    $a1 = $line.id.Split("/")
    $rg=$a1[4]
    $appname=$a1[8]
    write-host "The public certificate thumbprint(s) under the app $appname are as follows:"
    $url2="https://management.azure.com/subscriptions/$($subscription)/resourceGroups/$($rg)/providers/Microsoft.Web/sites/$($appname)/publicCertificates?api-version=2021-02-01"
    #get each web app's public certificates
    $res_cert = Invoke-RestMethod $url2 -Method 'GET' -Headers $headers
    foreach ($z in $res_cert.value) {
        #read the thumbprint property directly instead of splitting the stringified properties
        write-host $z.properties.thumbprint
    }
}
Then you can get the web apps public certificates in bulk.