New-AzureRmWebAppSSLBinding when used with -CertificateFilePath on ASE uploads the certificate to incorrect webspace

[nmallick1]

Description

Using New-AzureRmWebAppSSLBinding against a site hosted on an App Service Environment (ASE) along with -CertificateFilePath parameter to upload the certificate as well, causes the certificate to be uploaded in incorrect webspace. This subsequently causes the binding assignment to fail. New-AzureRmWebAppSSLBinding does not take the HostingEnvironmentProfile into consideration. The resulting webspace does not have ASE name appended to it.

Script/Steps for Reproduction

New-AzureRmWebAppSSLBinding -ResourceGroupName "<>" -WebAppName "<>" -Name "<>" -CertificatePassword "**" -CertificateFilePath "COMPLETE_PFX_FILE_PATH"

Module Version

<!-- Please run (Get-Module -ListAvailable) to get the version(s) of all modules, including Azure installed on your machine -->

Get-Module -ListAvailable

    Directory: C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules

ModuleType Version    Name                                ExportedCommands     
---------- -------    ----                                ----------------     
Manifest   1.0.0.0    AppBackgroundTask                   {Disable-AppBackgr...
Manifest   2.0.0.0    AppLocker                           {Get-AppLockerFile...
Manifest   1.0.0.0    AppvClient                          {Add-AppvClientCon...
Manifest   2.0.0.0    Appx                                {Add-AppxPackage, ...
Script     1.0.0.0    AssignedAccess                      {Clear-AssignedAcc...
Manifest   1.0.0.0    BitLocker                           {Unlock-BitLocker,...
Manifest   2.0.0.0    BitsTransfer                        {Add-BitsFile, Com...
Manifest   1.0.0.0    BranchCache                         {Add-BCDataCacheEx...
Manifest   1.0.0.0    CimCmdlets                          {Get-CimAssociated...
Manifest   1.0        ConfigCI                            {Get-SystemDriver,...
Manifest   1.0        Defender                            {Get-MpPreference,...
Manifest   1.0.0.0    DeliveryOptimization                {Get-DeliveryOptim...
Manifest   1.0.0.0    DirectAccessClientComponents        {Disable-DAManualE...
Script     3.0        Dism                                {Add-AppxProvision...
Manifest   1.0.0.0    DnsClient                           {Resolve-DnsName, ...
Manifest   1.0.0.0    EventTracingManagement              {Start-EtwTraceSes...
Manifest   1.0.0.0    HgsClient                           {Get-HgsAttestatio...
Manifest   1.0.0.0    HgsDiagnostics                      {New-HgsTraceTarge...
Manifest   1.0.0.0    HostNetworkingService               {Remove-HnsNamespa...
Script     1.1.0.0    IISAdministration                   {Get-IISAppPool, S...
Manifest   2.0.0.0    International                       {Get-WinDefaultInp...
Manifest   1.0.0.0    iSCSI                               {Get-IscsiTargetPo...
Script     1.0.0.0    ISE                                 {New-IseSnippet, I...
Manifest   1.0.0.0    Kds                                 {Add-KdsRootKey, G...
Manifest   1.0.1.0    Microsoft.PowerShell.Archive        {Compress-Archive,...
Manifest   3.0.0.0    Microsoft.PowerShell.Diagnostics    {Get-WinEvent, Get...
Manifest   3.0.0.0    Microsoft.PowerShell.Host           {Start-Transcript,...
Manifest   1.0.0.0    Microsoft.PowerShell.LocalAccounts  {Add-LocalGroupMem...
Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Content, Clea...
Script     1.0        Microsoft.PowerShell.ODataUtils     Export-ODataEndpoi...
Manifest   3.0.0.0    Microsoft.PowerShell.Security       {Get-Acl, Set-Acl,...
Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Format-List, Form...
Manifest   3.0.0.0    Microsoft.WSMan.Management          {Disable-WSManCred...
Manifest   1.0        MMAgent                             {Disable-MMAgent, ...
Manifest   1.0.0.0    MsDtc                               {New-DtcDiagnostic...
Manifest   2.0.0.0    NetAdapter                          {Disable-NetAdapte...
Manifest   1.0.0.0    NetConnection                       {Get-NetConnection...
Manifest   1.0.0.0    NetDiagnostics                      Get-NetView          
Manifest   1.0.0.0    NetEventPacketCapture               {New-NetEventSessi...
Manifest   2.0.0.0    NetLbfo                             {Add-NetLbfoTeamMe...
Manifest   1.0.0.0    NetNat                              {Get-NetNat, Get-N...
Manifest   2.0.0.0    NetQos                              {Get-NetQosPolicy,...
Manifest   2.0.0.0    NetSecurity                         {Get-DAPolicyChang...
Manifest   1.0.0.0    NetSwitchTeam                       {New-NetSwitchTeam...
Manifest   1.0.0.0    NetTCPIP                            {Get-NetIPAddress,...
Manifest   1.0.0.0    NetworkConnectivityStatus           {Get-DAConnectionS...
Manifest   1.0.0.0    NetworkSwitchManager                {Disable-NetworkSw...
Manifest   1.0.0.0    NetworkTransition                   {Add-NetIPHttpsCer...
Manifest   1.0.0.0    PcsvDevice                          {Get-PcsvDevice, S...
Binary     1.0.0.0    PersistentMemory                    {Get-PmemDisk, Get...
Manifest   1.0.0.0    PKI                                 {Add-CertificateEn...
Manifest   1.0.0.0    PnpDevice                           {Get-PnpDevice, Ge...
Manifest   1.1        PrintManagement                     {Add-Printer, Add-...
Binary     1.0.11     ProcessMitigations                  {Get-ProcessMitiga...
Script     3.0        Provisioning                        {Install-Provision...
Manifest   1.1        PSDesiredStateConfiguration         {Set-DscLocalConfi...
Script     1.0.0.0    PSDiagnostics                       {Disable-PSTrace, ...
Binary     1.1.0.0    PSScheduledJob                      {New-JobTrigger, A...
Manifest   2.0.0.0    PSWorkflow                          {New-PSWorkflowExe...
Manifest   1.0.0.0    PSWorkflowUtility                   Invoke-AsWorkflow    
Manifest   1.0.0.0    ScheduledTasks                      {Get-ScheduledTask...
Manifest   2.0.0.0    SecureBoot                          {Confirm-SecureBoo...
Manifest   2.0.0.0    SmbShare                            {Get-SmbShare, Rem...
Manifest   2.0.0.0    SmbWitness                          {Get-SmbWitnessCli...
Manifest   1.0.0.0    StartLayout                         {Export-StartLayou...
Manifest   2.0.0.0    Storage                             {Add-InitiatorIdTo...
Manifest   2.0.0.0    TLS                                 {New-TlsSessionTic...
Manifest   1.0.0.0    TroubleshootingPack                 {Get-Troubleshooti...
Manifest   2.0.0.0    TrustedPlatformModule               {Get-Tpm, Initiali...
Binary     2.1.639.0  UEV                                 {Clear-UevConfigur...
Manifest   2.0.0.0    VpnClient                           {Add-VpnConnection...
Manifest   1.0.0.0    Wdac                                {Get-OdbcDriver, S...
Manifest   1.0.0.0    WebAdministration                   {Start-WebCommitDe...
Manifest   1.0.0.0    WindowsDeveloperLicense             {Get-WindowsDevelo...
Script     1.0        WindowsErrorReporting               {Enable-WindowsErr...
Manifest   1.0.0.0    WindowsSearch                       {Get-WindowsSearch...
Manifest   1.0.0.0    WindowsUpdate                       Get-WindowsUpdateLog 
Manifest   1.0.0.2    WindowsUpdateProvider               {Get-WUAVersion, G...

    Directory: C:\Program Files (x86)\Microsoft SQL 
    Server\120\Tools\PowerShell\Modules

ModuleType Version    Name                                ExportedCommands     
---------- -------    ----                                ----------------     
Manifest   1.0        SQLASCMDLETS                        {Add-RoleMember, B...
Manifest   1.0        SQLPS                               {Backup-SqlDatabas...

    Directory: C:\Program Files\WindowsPowerShell\Modules

ModuleType Version    Name                                ExportedCommands     
---------- -------    ----                                ----------------     
Script     1.0.1      Microsoft.PowerShell.Operation.V... {Get-OperationVali...
Binary     1.0.0.1    PackageManagement                   {Find-Package, Get...
Binary     1.0.0.0    PackageManagement                   {Find-Package, Get...
Script     3.4.0      Pester                              {Describe, Context...
Script     1.0.0.1    PowerShellGet                       {Install-Module, F...
Script     1.2        PSReadline                          {Get-PSReadlineKey...

    Directory: C:\Program Files (x86)\Microsoft 
    SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager

ModuleType Version    Name                                ExportedCommands     
---------- -------    ----                                ----------------     
Manifest   0.4.7      Azure.AnalysisServices              {Add-AzureAnalysis...
Manifest   0.4.7      AzureRM.AnalysisServices            {Resume-AzureRmAna...
Manifest   4.4.1      AzureRM.ApiManagement               {Add-AzureRmApiMan...
Manifest   3.4.1      AzureRM.Automation                  {Get-AzureRMAutoma...
Manifest   3.4.1      AzureRM.Backup                      {Backup-AzureRmBac...
Manifest   3.4.1      AzureRM.Batch                       {Remove-AzureRmBat...
Manifest   0.13.7     AzureRM.Billing                     {Get-AzureRmBillin...
Manifest   3.4.1      AzureRM.Cdn                         {Get-AzureRmCdnPro...
Manifest   0.8.7      AzureRM.CognitiveServices           {Get-AzureRmCognit...
Manifest   3.4.1      AzureRM.Compute                     {Remove-AzureRmAva...
Manifest   0.2.7      AzureRM.Consumption                 Get-AzureRmConsump...
Manifest   0.0.2      AzureRM.ContainerInstance           {New-AzureRmContai...
Manifest   0.2.7      AzureRM.ContainerRegistry           {New-AzureRmContai...
Manifest   3.4.1      AzureRM.DataFactories               {Remove-AzureRmDat...
Manifest   0.2.1      AzureRM.DataFactoryV2               {Set-AzureRmDataFa...
Manifest   3.4.1      AzureRM.DataLakeAnalytics           {Get-AzureRmDataLa...
Manifest   4.4.1      AzureRM.DataLakeStore               {Get-AzureRmDataLa...
Manifest   3.4.1      AzureRM.DevTestLabs                 {Get-AzureRmDtlAll...
Manifest   3.4.1      AzureRM.Dns                         {Get-AzureRmDnsRec...
Manifest   0.1.1      AzureRM.EventGrid                   {New-AzureRmEventG...
Manifest   0.4.7      AzureRM.EventHub                    {New-AzureRmEventH...
Manifest   3.4.1      AzureRM.HDInsight                   {Get-AzureRmHDInsi...
Manifest   3.4.1      AzureRM.Insights                    {Get-AzureRmUsage,...
Manifest   2.4.1      AzureRM.IotHub                      {Add-AzureRmIotHub...
Manifest   3.4.1      AzureRM.KeyVault                    {Add-AzureKeyVault...
Manifest   3.4.1      AzureRM.LogicApp                    {Get-AzureRmIntegr...
Manifest   0.15.7     AzureRM.MachineLearning             {Move-AzureRmMlCom...
Manifest   0.1.0      AzureRM.MachineLearningCompute      {Get-AzureRmMlOpCl...
Manifest   0.1.0      AzureRM.MarketplaceOrdering         {Get-AzureRmMarket...
Manifest   0.7.7      AzureRM.Media                       {Sync-AzureRmMedia...
Manifest   4.4.1      AzureRM.Network                     {Add-AzureRmApplic...
Manifest   3.4.1      AzureRM.NotificationHubs            {Get-AzureRmNotifi...
Manifest   3.4.1      AzureRM.OperationalInsights         {New-AzureRmOperat...
Manifest   3.4.1      AzureRM.PowerBIEmbedded             {Remove-AzureRmPow...
Manifest   3.4.1      AzureRM.Profile                     {Disable-AzureRmDa...
Manifest   3.4.1      AzureRM.RecoveryServices            {Get-AzureRmRecove...
Manifest   3.4.1      AzureRM.RecoveryServices.Backup     {Backup-AzureRmRec...
Manifest   0.1.6      AzureRM.RecoveryServices.SiteRec... {Edit-AzureRmRecov...
Manifest   3.4.1      AzureRM.RedisCache                  {Remove-AzureRmRed...
Manifest   0.2.7      AzureRM.Relay                       {New-AzureRmRelayN...
Manifest   4.4.1      AzureRM.Resources                   {Get-AzureRmProvid...
Manifest   0.15.7     AzureRM.Scheduler                   {Disable-AzureRmSc...
Manifest   3.4.1      AzureRM.ServerManagement            {Invoke-AzureRmSer...
Manifest   0.4.7      AzureRM.ServiceBus                  {New-AzureRmServic...
Manifest   0.2.7      AzureRM.ServiceFabric               {Add-AzureRmServic...
Manifest   4.4.1      AzureRM.SiteRecovery                {Get-AzureRmSiteRe...
Manifest   3.4.1      AzureRM.Sql                         {Get-AzureRmSqlDat...
Manifest   3.4.1      AzureRM.Storage                     {Get-AzureRmStorag...
Manifest   3.4.1      AzureRM.StreamAnalytics             {Get-AzureRmStream...
Manifest   3.4.1      AzureRM.Tags                        {Remove-AzureRmTag...
Manifest   3.4.1      AzureRM.TrafficManager              {Disable-AzureRmTr...
Manifest   3.4.1      AzureRM.UsageAggregates             Get-UsageAggregates  
Manifest   3.4.1      AzureRM.Websites                    {Get-AzureRmAppSer...

    Directory: C:\Program Files (x86)\Microsoft 
    SDKs\Azure\PowerShell\ServiceManagement

ModuleType Version    Name                                ExportedCommands     
---------- -------    ----                                ----------------     
Manifest   4.4.1      Azure                               {Get-AzureAutomati...

    Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\Storage

ModuleType Version    Name                                ExportedCommands     
---------- -------    ----                                ----------------     
Manifest   3.4.1      Azure.Storage                       {Get-AzureStorageT...

    Directory: C:\Program Files (x86)\Microsoft Azure Information 
    Protection\Powershell

ModuleType Version    Name                                ExportedCommands     
---------- -------    ----                                ----------------     
Binary     1.37.19.0  AzureInformationProtection          {Clear-RMSAuthenti...

Environment Data

$PSVersionTable

Name                           Value                                                                                                                                                       
----                           -----                                                                                                                                                       
PSVersion                      5.1.17134.228                                                                                                                                               
PSEdition                      Desktop                                                                                                                                                     
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                     
BuildVersion                   10.0.17134.228                                                                                                                                              
CLRVersion                     4.0.30319.42000                                                                                                                                             
WSManStackVersion              3.0                                                                                                                                                         
PSRemotingProtocolVersion      2.3                                                                                                                                                         
SerializationVersion           1.1.0.1                           

[MiYanni]

@ahmedelnably @panchagnula Can one of you take a look at this issue? Thanks.

[markcowl]

@nmallick1 Can you try this with the latest version of AzureRM modules?

[panchagnula]

@nmallick1 : Webspaces is not a concept that we expose to on our API level so we never use this property on CLI or PS - so this should be something the API should handle or at least, there should be someother property we might be missing here to set, but webspace is not something we will be able to set from OS, I am closing this - since we cannot fix this. If this is not an API level issue & we need to make some changes (like set some other property so that the API works correctly) then please file a new issue. Thank you.

[nmallick1]

@Sisira Panchagnulamailto:sisirap@microsoft.com The property we miss adding is the HostingEnvironmentProfile within the properties of the certificate PUT call. If the HostingEnvironmentProfile is present then the webspace is properly assigned by the backend API.

I actually wanted to request a means to specify the HostingEnvironmentProfile in this cmdlet.

---

From: Sisira Panchagnula notifications@github.com Sent: Friday, October 12, 2018 4:46 PM To: Azure/azure-powershell Cc: Nazeef Mallick; Mention Subject: Re: [Azure/azure-powershell] New-AzureRmWebAppSSLBinding when used with -CertificateFilePath on ASE uploads the certificate to incorrect webspace (#7537)

@nmallick1https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnmallick1&data=02%7C01%7Cnmallick%40microsoft.com%7C8a8a33a4b3024f8f76e608d6309ce6a3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636749847828227783&sdata=ewj8EOhuyvir9sPgHSbmvvLo%2BXJnc9Trvj8K%2FiGfZ8E%3D&reserved=0 : Webspaces is not a concept that we expose to on our API level so we never use this property on CLI or PS - so this should be something the API should handle or at least, there should be someother property we might be missing here to set, but webspace is not something we will be able to set from OS, I am closing this - since we cannot fix this. If this is not an API level issue & we need to make some changes (like set some other property so that the API works correctly) then please file a new issue. Thank you.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2Fazure-powershell%2Fissues%2F7537%23issuecomment-429490925&data=02%7C01%7Cnmallick%40microsoft.com%7C8a8a33a4b3024f8f76e608d6309ce6a3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636749847828227783&sdata=sleZsxGCcbaHsYcU9ewAtacBWUO9oGikWGbyZkoha58%3D&reserved=0, or mute the threadhttps://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAUBiSX-4NkJdDpLXKJx-1CCAUvEQ8E2Aks5ukSnHgaJpZM4XaSSa&data=02%7C01%7Cnmallick%40microsoft.com%7C8a8a33a4b3024f8f76e608d6309ce6a3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636749847828227783&sdata=%2FzTFBtU2Y0cbj8FIXiq39KPYZtN1QECshVgzXiv%2FgXI%3D&reserved=0.