MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Commands to renew certificate #34512

Closed dcbrown16 closed 5 years ago

dcbrown16 commented 5 years ago

Many businesses would prefer to detect upcoming certificate expirations and renew automatically, rather than go into the Portal for renewal. What PowerShell commands would renew the certificate for your RunAs account, so you can automate that (using Automation itself)?



DixitArora-MSFT commented 5 years ago

Hi @dcbrown16 Thank you for your feedback! We will review and provide an update as appropriate.

SwathiDhanwada-MSFT commented 5 years ago

@bobbytreed Can you please look into this request?

bobbytreed commented 5 years ago

Sure, I will see if we can get a sample script added.

ikanni commented 5 years ago

To renew automatically please use https://github.com/ikanni/PowerShellScripts/blob/master/AzureAutomation/RunAsAccount/GrantPermissionToRunAsAccountAADApplication-ToRenewCertificateItself-CreateSchedule.ps1

  1. GrantPermissionToRunAsAccountAADApplication-ToRenewCertificateItself-CreateSchedule.ps1 script will automate all operations mentioned in Update-AutomationRunAsCredential.ps1 documentation and create a weekly schedule to renew RunAsAccount certificate.

  2. Once you execute the GrantPermissionToRunAsAccountAADApplication-ToRenewCertificateItself-CreateSchedule.ps1 script, you will find an Update-AutomationRunAsCredential runbook in your automation account. To test the renewal process immediately, please open the Update-AutomationRunAsCredential runbook, comment out line 122, and start the runbook. Please remember to roll back this change.

  3. The only constraint is that the user executing GrantPermissionToRunAsAccountAADApplication-ToRenewCertificateItself-CreateSchedule.ps1 needs to be a Global Administrator / Company Administrator in Azure AD.

  4. Known issues: The above script failed with old automation accounts and we need to check with AAD team on that.

Let us know if you run into any issues.
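For the detection half of the original question, the following is an added example, not part of this thread or of the linked script. It assumes the Az.Automation module and the default Run As asset name `AzureRunAsCertificate`; the function names and the 30-day threshold are hypothetical.

```powershell
# Added example: classify Run As certificates by days left before expiry.
# Function names and the 30-day default threshold are assumptions.

function Get-CertificateExpiryStatus {
    param(
        # Any object with Name and ExpiryTime, such as the output of
        # Get-AzAutomationCertificate.
        [Parameter(Mandatory, ValueFromPipeline)] $Certificate,
        [int] $WarningDays = 30,
        [datetimeoffset] $Now = [datetimeoffset]::UtcNow
    )
    process {
        $expiry   = [datetimeoffset] $Certificate.ExpiryTime
        $daysLeft = [math]::Floor(($expiry - $Now).TotalDays)
        if ($daysLeft -lt 0) { $status = 'Expired' }
        elseif ($daysLeft -le $WarningDays) { $status = 'RenewNow' }
        else { $status = 'OK' }
        [pscustomobject]@{
            AutomationAccount = $Certificate.AutomationAccountName
            Certificate       = $Certificate.Name
            ExpiryTime        = $expiry
            DaysLeft          = $daysLeft
            Status            = $status
        }
    }
}

# Live use (requires Connect-AzAccount): check every Automation account in
# the current subscription. Accounts without a Run As certificate are skipped.
function Get-RunAsCertificateExpiry {
    param([int] $WarningDays = 30)
    Get-AzAutomationAccount | ForEach-Object {
        Get-AzAutomationCertificate -ResourceGroupName $_.ResourceGroupName `
            -AutomationAccountName $_.AutomationAccountName `
            -Name 'AzureRunAsCertificate' -ErrorAction SilentlyContinue
    } | Get-CertificateExpiryStatus -WarningDays $WarningDays
}

# Offline demonstration with constructed sample objects (not real accounts).
$now = [datetimeoffset]::UtcNow
$sample = @(
    [pscustomobject]@{ AutomationAccountName = 'aa-sample-1'; Name = 'AzureRunAsCertificate'; ExpiryTime = $now.AddDays(200) }
    [pscustomobject]@{ AutomationAccountName = 'aa-sample-2'; Name = 'AzureRunAsCertificate'; ExpiryTime = $now.AddDays(12) }
    [pscustomobject]@{ AutomationAccountName = 'aa-sample-3'; Name = 'AzureRunAsCertificate'; ExpiryTime = $now.AddDays(-3) }
)
$sample | Get-CertificateExpiryStatus -Now $now | Format-Table -AutoSize
```

Run on a schedule, the `RenewNow` and `Expired` rows are the ones to alert on or hand to a renewal runbook.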

bobbytreed commented 5 years ago

please-close

dcbrown16 commented 5 years ago

Thanks @ikanni and @bobbytreed !