I'm fairly new to Azure and need to create an Azure application to authenticate against for a script which connects to Exchange Online (EXO3) and collects all Exchange Distribution Lists for a client.
The script works just fine on its own; however, I need it to run as a scheduled task on a domain controller, so this requires Azure authentication. I created a basic self-signed cer file on the DC, but because this doesn't have the property Provider = 'Microsoft Enhanced RSA and AES Cryptographic Provider', I think the .cer file won't upload to Azure.
I get
Failed to add certificate. Error detail: Upload a certificate (public key) with one of the following types : .cer, .pem, .crt
My cert is a .cer with password. From what I've read on this error and in this MS article it seems that Azure needs certain properties including a 'Provider', and this provider from what I understand should be 'Microsoft Enhanced RSA and AES Cryptographic Provider'.
When I run the script below on my W2012R2 domain controller, PowerShell doesn't understand the 'Provider' part and throws the error in the subject:
$automationAccount = 'GetDistributionLists'
$certExpiryMonths = 24
$certPfxPassword = 'blahblah'
$certExportPath = 'C:\'
$resourceGroup = 'Name of Azure App'
$location = "UK"
$certPassword = ConvertTo-SecureString $certPfxPassword -AsPlainText -Force

# Generate SSL certificate
Write-Host "Generate self signed certificate for - $automationAccount"
$selfSignedCertSplat = @{
    DnsName           = $automationAccount
    Subject           = $automationAccount
    CertStoreLocation = 'cert:\CurrentUser\My'
    KeyExportPolicy   = 'Exportable'
    Provider          = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
    NotAfter          = (Get-Date).AddMonths($certExpiryMonths)
    HashAlgorithm     = 'SHA256'
}
$selfSignedCert = New-SelfSignedCertificate @selfSignedCertSplat

# Export SSL certificate to file
Write-Host "Export self signed certificate to folder - $certExportPath"
$certThumbPrint = 'cert:\CurrentUser\My\' + $selfSignedCert.Thumbprint
Export-Certificate -Cert $certThumbPrint -FilePath "$certExportPath\$automationAccount.cer" -Type CERT | Write-Verbose
I get this error:
New-SelfSignedCertificate : A parameter cannot be found that matches parameter name 'Provider'.
At \\dfs\users\userfolders\username\Desktop\GetDistributionGroupCertAzure.ps1:22 char:45
+ $selfSignedCert = New-SelfSignedCertificate @selfSignedCertSplat
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-SelfSignedCertificate], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand
Does anyone know how to get round this? I need to create the cert on the DC (I think, as this is where the scheduled task is running from - but I could be wrong about this...) but it seems like some kind of PowerShell version/module limitation to me which is stopping this from working.
Can anyone help shed some light on how I might get this working? Can I create it elsewhere and then just import it on the DC?
PowerShell version:
Name Value
---- -----
PSVersion 5.1.14409.1029
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14409.1029
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Looks like I've figured it out!
Simply, I had to create the cert locally with the higher OS/PowerShell version I had on my local machine, then export to the DC and Azure...
Doh.
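
The fix described above, as an added example that is not part of the original post: create the certificate on a newer Windows build where `New-SelfSignedCertificate` accepts `-Provider`, upload only the public `.cer` to Azure, and move the private key to the DC as a password-protected `.pfx`. The function names, the `C:\Temp\certs` folder and the choice of the `LocalMachine\My` store on the DC are assumptions made for illustration.

```powershell
# Added example. Function names and paths are hypothetical.

# Run on the newer workstation (a build whose New-SelfSignedCertificate has -Provider).
function New-AppAuthCertificate {
    param(
        [string]$Name = 'GetDistributionLists',      # subject name used in the post
        [string]$ExportDir = 'C:\Temp\certs',        # assumed working folder
        [Parameter(Mandatory)][securestring]$PfxPassword
    )
    New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null

    $cert = New-SelfSignedCertificate -Subject "CN=$Name" `
        -CertStoreLocation 'Cert:\CurrentUser\My' `
        -KeyExportPolicy Exportable `
        -KeySpec KeyExchange `
        -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
        -HashAlgorithm SHA256 `
        -NotAfter (Get-Date).AddMonths(24)

    # Public key only, no password: this is the file uploaded to the Azure app.
    Export-Certificate -Cert $cert -Type CERT `
        -FilePath (Join-Path $ExportDir "$Name.cer") | Out-Null

    # Certificate plus private key, password protected: this file goes to the DC only.
    Export-PfxCertificate -Cert $cert -Password $PfxPassword `
        -FilePath (Join-Path $ExportDir "$Name.pfx") | Out-Null

    return $cert.Thumbprint
}

# Run on the domain controller (elevated) after copying the .pfx across.
function Import-AppAuthCertificate {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$PfxPassword
    )
    # No -Exportable switch, so the private key is stored as non-exportable.
    # LocalMachine\My is an assumption; the scheduled task's account must be
    # able to read the private key in whichever store is used.
    $imported = Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation 'Cert:\LocalMachine\My' -Password $PfxPassword

    if (-not $imported.HasPrivateKey) { throw 'Private key missing after import.' }

    Remove-Item -Path $PfxPath      # do not leave the transfer copy on disk
    return $imported.Thumbprint
}
```

Pass the password with `Read-Host -AsSecureString` rather than a literal in the script, and check that the thumbprint returned on the DC matches the one from the workstation and the one Azure shows for the uploaded `.cer`.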