
What's the PowerShell command to upload a certificate to an AAD application?

In the Azure portal, I can create an application under AAD, navigate to "Home (myTenant) -> App registrations -> (myApp) -> Settings -> Keys", and upload a public key, which is a certificate, to the application keys. This is easy using the portal UI. But how can I do the certificate upload using a PowerShell command?

Thanks,

Thror asked Oct 28 '25 23:10


2 Answers

You are looking for the command New-AzureRmADAppCredential https://learn.microsoft.com/en-us/powershell/module/azurerm.resources/new-azurermadappcredential?view=azurermps-5.0.0

Example 2 in the article should work for you

----------------8<--------------------

# Load the certificate file and base64-encode its raw (DER) bytes
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cer.Import("C:\myapp.cer")
$binCert = $cer.GetRawCertData()
$credValue = [System.Convert]::ToBase64String($binCert)

# Attach the certificate to the application as a credential
New-AzureRmADAppCredential -ApplicationId 4589cd6b-3d79-4bb4-93b8-a0b99f3bfc58 -CertValue $credValue -StartDate $cer.GetEffectiveDateString() -EndDate $cer.GetExpirationDateString()
Jarnstrom answered Oct 30 '25 19:10


2023 Update

For anyone reading now, when the recommended approach in PowerShell is to use the Microsoft Graph modules over Azure AD modules, the relevant commands are Update-MgApplication with the -KeyCredentials param for a new certificate or Add-MgApplicationKey to update an existing certificate. (Yes, the language is confusing. Update the app to add a key. Add a key to update a key. And "key" actually means "public cert to validate a private key" in this case.)

Here's an example of a function that pulls a cert from a Key Vault and adds it to a registered AAD app:

function Set-AppCredential
{
    Param(
        [Parameter(Mandatory)]
        [string]$AppName,
        [Parameter(Mandatory)]
        [string]$KeyVaultName,
        [Parameter(Mandatory)]
        [string]$CertificateName
    )

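    # Look up the app registration by display name
    $Application = Get-MgApplication -Filter "DisplayName eq '$($AppName)'"

    # Fetch the certificate from Key Vault
    $KeyVaultCertificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertificateName

    # Key credential built from the certificate's raw (DER) bytes
    $CertCredential = @{
        Type = "AsymmetricX509Cert"
        Usage = "Verify"
        Key = $KeyVaultCertificate.Certificate.RawData
    }

    # Sets the app's key credential list to this single entry
    Update-MgApplication -ApplicationId $Application.Id -KeyCredentials @($CertCredential)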

}
sam256 answered Oct 30 '25 19:10
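
Added example, not part of either answer above: a pre-upload check that builds the same key credential hashtable the 2023 answer passes to Update-MgApplication, but first rejects certificates that are expired, not yet valid, too long-lived or backed by a short RSA key. The helper name New-AppKeyCredential, its two policy limits and the in-memory test certificate are assumptions made for this illustration; it assumes PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not a Graph cmdlet): validate a certificate, then build
# the key credential hashtable used with Update-MgApplication -KeyCredentials.
function New-AppKeyCredential {
    param(
        [Parameter(Mandatory)] [X509Certificate2]$Certificate,
        [int]$MaxLifetimeDays = 365,   # assumed local policy, not a service limit
        [int]$MinRsaBits = 2048        # assumed local policy
    )
    $now = Get-Date   # NotBefore/NotAfter are reported in local time
    if ($Certificate.NotBefore -gt $now) {
        throw "Certificate is not valid before $($Certificate.NotBefore)."
    }
    if ($Certificate.NotAfter -le $now) {
        throw "Certificate expired on $($Certificate.NotAfter)."
    }
    $days = ($Certificate.NotAfter - $Certificate.NotBefore).TotalDays
    if ($days -gt $MaxLifetimeDays) {
        throw "Lifetime of $([int]$days) days exceeds $MaxLifetimeDays."
    }
    # Returns $null for non-RSA (e.g. ECDSA) certificates; the size check is skipped then.
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
        throw "RSA key of $($rsa.KeySize) bits is below $MinRsaBits."
    }
    @{
        Type  = 'AsymmetricX509Cert'
        Usage = 'Verify'
        Key   = $Certificate.RawData   # DER certificate only, never the private key
    }
}

# Constructed sample input: a self-signed certificate created in memory.
$rsaKey = [RSA]::Create(2048)
$request = [CertificateRequest]::new('CN=constructed-example', $rsaKey,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert = $request.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5),
    [DateTimeOffset]::Now.AddDays(90))

$credential = New-AppKeyCredential -Certificate $cert
'{0}: {1} bytes ready for upload' -f $cert.Thumbprint, $credential.Key.Length

# Upload as in the answer above (needs a Graph session). The call sets the
# app's whole key credential list, so entries not passed here are removed:
# Update-MgApplication -ApplicationId $Application.Id -KeyCredentials @($credential)
```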


