Adding SSL certificate to Linux Azure VM

  • Question

  • Hi,

    I want to establish an HTTPS connection for my Docker UI container, so I am trying to add an SSL certificate to my Linux Virtual VM. I already added the .pfx SSL certificate to my Azure key vault, and I was following a previous post:

    So, I did this

    $certURL=(Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name $key).id
    $vm=Get-AzureRmVM -ResourceGroupName $resourceGroup -Name $vmName
    $vaultId=(Get-AzureRmKeyVault -ResourceGroupName $resourceGroup -VaultName $keyVaultName).ResourceId
    $vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore "etc/ssl/certs" -CertificateUrl $certURL

    Update-AzureRmVM -ResourceGroupName $resourceGroup -VM $vm

    However, I got this error:

    Update-AzVM: Parameter 'certificateStore' is not allowed.
    ErrorCode: InvalidParameter
    ErrorMessage: Parameter 'certificateStore' is not allowed.
    ErrorTarget: certificateStore
    StatusCode: 400
    ReasonPhrase: Bad Request

    Does anyone know why this is happening or how to fix it?

    Friday, March 20, 2020 4:08 PM

All replies

  • Can you please share which Azure document you are following to achieve this?
    Also if you can share the link to the 'previous post', you referred to.
    Thanks.
    Friday, March 20, 2020 5:01 PM
  • So I was able to add a certificate by removing the -CertificateStore "etc/ssl/certs". However, I can't find the certificate in the /var/lib/waagent/ folder.

    I made an issue for this:

     (azure-docs issue 50599)

    I am following this guide:

    Tutorial: Secure a web server on a Linux virtual machine in Azure with SSL certificates stored in Key Vault

    Sorry, I can't add links until my account is verified.

    Friday, March 20, 2020 8:44 PM
  • Hi,

    I went through the GitHub issue.

    You are using old Azure PowerShell commands: Add-AzureRmVM

    They are changed to Add-AzVM. Let me know the version of your Az PowerShell module.

    Also go to your key vault and check the format of the key. When we create a certificate with Azure CLI, I think by default it creates a pem certificate, which goes well with the Linux machine.

    Based on your description, it looks like a pfx certificate is created. Can you create one with pem and try once?
    Or use Azure CLI.

    Monday, March 23, 2020 5:51 AM
  • I was able to generate a pfx certificate with the updated Azure PowerShell commands. Thank you!
    Monday, March 23, 2020 2:09 PM
  • Thanks for sharing the update.

    Please 'Mark as answer' if any of the replies above helped answer your question, so that it can help others in the community.

    Tuesday, March 24, 2020 1:08 AM
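
For the reply above that could not find the certificate under /var/lib/waagent/, here is an added example (not code from the thread or from the Azure tutorial) that lists the certificates in that directory and checks that each has a matching, non-world-readable private key. It assumes the Azure Linux agent's naming of <THUMBPRINT>.crt and <THUMBPRINT>.prv in PEM format; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the Azure Linux agent stores each deployed
# certificate as <THUMBPRINT>.crt with its key as <THUMBPRINT>.prv (both PEM).

# Print the SHA-1 thumbprint of a PEM certificate: uppercase hex, no colons.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed only if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Report every *.crt in directory $1; return non-zero if none is found or any
# pair is incomplete, mismatched, or has a key readable by group/other.
check_agent_certs() {
    dir=$1; found=0; bad=0
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        tp=$(cert_thumbprint "$crt")
        [ -n "$tp" ] || continue            # not a parsable certificate
        found=$((found + 1))
        prv="$dir/$tp.prv"
        if [ ! -f "$prv" ]; then
            echo "NOKEY    $tp"; bad=$((bad + 1)); continue
        fi
        if ! key_matches_cert "$crt" "$prv"; then
            echo "MISMATCH $tp"; bad=$((bad + 1)); continue
        fi
        case $(ls -ld "$prv") in
            -???------*) ;;                 # owner-only permissions
            *) echo "LOOSEPERM $tp"; bad=$((bad + 1)); continue ;;
        esac
        echo "OK       $tp $(openssl x509 -in "$crt" -noout -subject -enddate | tr '\n' ' ')"
    done
    [ "$found" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Run on the VM as root: sh check_certs.sh /var/lib/waagent
if [ $# -gt 0 ]; then check_agent_certs "$1"; fi
```

The thumbprint printed on an OK line can be compared with the thumbprint shown for the certificate in Key Vault to confirm that the expected certificate is the one that was deployed.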