How to use a management certificate to get cloud service information in an Azure DevOps pipeline

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Background:

Azure DevOps provides developer services to support teams to plan work, collaborate on code development, and build and deploy applications. Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS). Azure cloud services can be managed in Azure DevOps by using the PowerShell cmdlets that are available in the Azure PowerShell tools, so that you can perform all of your cloud service management tasks within the service. Management certificates allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. 

 

Purpose:

This post shows how to create a management certificate and use it to manage your Azure classic resources, such as a Cloud Service, from Azure DevOps.

 

Part 1. Create a management certificate with OpenSSL. (See the document https://docs.microsoft.com/en-us/azure/application-gateway/self-signed-certificates#create-a-root-ca-certificate)

 

1. Sign in to your computer where OpenSSL is installed and run the following command. This creates a password protected key.

 

openssl ecparam -out test.key -name prime256v1 -genkey

 

 

2. Use the following commands to generate the csr and the certificate.

 

openssl req -new -sha256 -key test.key -out test.csr

 

 

3. When prompted, type the password for the root key, and the organizational information for the custom CA such as Country/Region, State, Org, OU, and the fully qualified domain name (this is the domain of the issuer).

 

openssl x509 -req -sha256 -days 365 -in test.csr -signkey test.key -out test.crt

       

 

4. Generate the pfx certificate from the crt file. The pfx can be used in the Azure DevOps pipeline.

 

openssl pkcs12 -export -out frankmgmt.pfx -inkey test.key -in test.crt

       

 

5. Create a cer file from the pfx certificate. The cer file can be uploaded to the Azure Portal as a management certificate.

        

openssl pkcs12 -in frankmgmt.pfx -out test.cer -nodes
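Before a file from steps 1 to 5 is uploaded anywhere, it helps to know whether it carries private-key material: `openssl pkcs12 -in ... -nodes` writes the private key unencrypted next to the certificate unless `-nokeys` is also given. The shell check below is an added example, not part of the original post; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what PEM material a file holds before it leaves the build host.
# Result words: plaintext-key | encrypted-key | cert-only | no-pem | unreadable

classify_pem() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 0; }
    # Every private-key block: PKCS#8, encrypted PKCS#8, or traditional EC/RSA
    keys=$(grep -Ec -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" || true)
    # Encrypted blocks: PKCS#8 "ENCRYPTED PRIVATE KEY", or a traditional block
    # that carries the "Proc-Type: 4,ENCRYPTED" header
    enc=$(grep -Ec -e '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$f" || true)
    if [ "$keys" -eq 0 ]; then
        if grep -q -e '^-----BEGIN CERTIFICATE-----' "$f"; then
            echo cert-only
        else
            echo no-pem
        fi
    elif [ "$enc" -lt "$keys" ]; then
        echo plaintext-key
    else
        echo encrypted-key
    fi
}

# Only a certificate-only file is suitable for upload as a public certificate.
safe_to_upload() {
    [ "$(classify_pem "$1")" = cert-only ]
}

# Constructed sample files (placeholder bodies, not real keys or certificates).
make_samples() {
    d=$1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cert_only.pem"
    { printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
          '-----END PRIVATE KEY-----'
      cat "$d/cert_only.pem"; } > "$d/key_and_cert.pem"
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00' '' 'Q09OU1RSVUNURUQ=' \
        '-----END EC PRIVATE KEY-----' > "$d/enc_key.pem"
}

# Stand-alone use: pass the files to inspect as arguments.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_pem "$f")"
done
```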

 

 

Part 2. Upload the cer file as a management certificate of the subscription.

 

1. Search for the certificate in the Subscription.

2. Pick the Management certificates.

3. Upload the cer file as the management certificate.

4. You will find the management certificate in the Azure Portal.

 


 

 

Part 3. How to use the management certificate to verify the Azure Service Manager (ASM) resources in an Azure DevOps pipeline.

 

1. In the Library, open Secure files and upload the pfx certificate as a secure file.

 

 

2. Create a PowerShell script like the one below for testing.

param ($input1)   # script argument set in step 5; used below as the pfx file to import

Write-Host "Script test.ps1 ..."
$PSVersionTable

# Force TLS 1.2 for outgoing connections
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# Load the management certificate from the pfx file
$SigningCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$SigningCert.Import($input1, "<password>", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"DefaultKeySet")

# Register the subscription with the certificate, then select it
Set-AzureSubscription -SubscriptionName "<subscription name>" -SubscriptionId "<subscription id>" -Certificate $SigningCert
Select-AzureSubscription -SubscriptionName "<subscription name>"

 

 

3. Create two events in the pipeline, Download Secure file and PowerShell Script.

 


 

 

4. Download secure file.

 


 

 

5. Set up the script path and arguments of the PowerShell Script.

 

6. We can successfully get the cloud service deployment information with the Get-AzureDeployment command.

 

Here is an example we used to get the deployment details in the cloud service. https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure.service/get-azuredeployment?view=azuresmps-4.0.0

 

Get-AzureDeployment

 


 

 
