Monday, 6 December 2021

How to use the management certificate to manage the Azure cloud service by DevOps pipeline

 Azure DevOps provides developer services to support teams to plan work, collaborate on code development, and build and deploy applications. Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS). 

Azure cloud services can be managed in Azure DevOps by using the PowerShell cmdlets that are available in the Azure PowerShell tools, so that you can perform all of your cloud service management tasks within the service. Management certificates allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. 

 

Purpose:

This post shows how to create a management certificate and use it to manage Azure classic resources, such as Cloud Services, in Azure DevOps.

 

Part 1. Create a management certificate with OpenSSL. (Refer to the document https://docs.microsoft.com/en-us/azure/application-gateway/self-signed-certificates#create-a-root-ca...)

 

1. Sign in to your computer where OpenSSL is installed and run the following command. This creates a password protected key.

 

openssl ecparam -out test.key -name prime256v1 -genkey

 

 

2. Use the following commands to generate the csr and the certificate.

 

openssl req -new -sha256 -key test.key -out test.csr

 

 

3. When prompted, type the password for the root key, and the organizational information for the custom CA such as Country/Region, State, Org, OU, and the fully qualified domain name (this is the domain of the issuer).

 

openssl x509 -req -sha256 -days 365 -in test.csr -signkey test.key -out test.crt

       

 

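4. Generate the pfx certificate from the key and the crt file. The pfx is the file used in the Azure DevOps pipeline, and the export password you set at the prompt is the one the script in Part 3 needs to open it.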

 

openssl pkcs12 -export -out frankmgmt.pfx -inkey test.key -in test.crt

       

 

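5. Create a cer file from the pfx certificate; this is the file uploaded to the Azure Portal as the management certificate. Export it with -nokeys so that it contains only the certificate and not the private key.

        

openssl pkcs12 -in frankmgmt.pfx -out test.cer -nokeys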
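
The five steps above as one non-interactive script with checks on the result. This is an added example, not part of the original post; the mgmt.* file names, the CN value and the PFX_PASSWORD environment variable are assumptions. It checks that the cer file holds no private key, that the pfx does not open without a password, and prints the SHA-1 thumbprint for comparison with the uploaded certificate.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: the mgmt.* files,
# the CN value and the PFX_PASSWORD environment variable.
set -eu
umask 077   # key, pfx and the other files are created readable by the owner only

# Steps 1-5 without prompts. $1 = output directory.
make_mgmt_cert() {
  : "${PFX_PASSWORD:?export PFX_PASSWORD first}"
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/mgmt.key"
  openssl req -new -sha256 -key "$1/mgmt.key" \
    -subj "/CN=devops-mgmt-example" -out "$1/mgmt.csr"
  openssl x509 -req -sha256 -days 365 -in "$1/mgmt.csr" \
    -signkey "$1/mgmt.key" -out "$1/mgmt.crt"
  # The password is read from the environment, not typed on the command line.
  openssl pkcs12 -export -inkey "$1/mgmt.key" -in "$1/mgmt.crt" \
    -passout env:PFX_PASSWORD -out "$1/mgmt.pfx"
  # -nokeys: the file for the portal carries the certificate only.
  openssl pkcs12 -in "$1/mgmt.pfx" -passin env:PFX_PASSWORD \
    -nokeys -out "$1/mgmt.cer"
}

# True if the file contains a private key block (must be false for the .cer).
has_private_key() { grep -q "PRIVATE KEY" "$1"; }

# True if the pfx opens with an empty password, i.e. is unprotected.
opens_without_password() {
  openssl pkcs12 -in "$1" -passin pass: -noout >/dev/null 2>&1
}

# SHA-1 thumbprint without colons, to compare with the uploaded certificate.
thumbprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# True if the certificate is still valid $2 seconds from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

WORK=$(mktemp -d)
# Constructed sample value; in a pipeline this comes from a secret variable.
export PFX_PASSWORD="${PFX_PASSWORD:-constructed-demo-password}"
make_mgmt_cert "$WORK"
if has_private_key "$WORK/mgmt.cer"; then echo "cer leaks the key"; exit 1; fi
if opens_without_password "$WORK/mgmt.pfx"; then echo "pfx unprotected"; exit 1; fi
valid_for "$WORK/mgmt.cer" 2592000 || { echo "expires within 30 days"; exit 1; }
echo "Thumbprint: $(thumbprint "$WORK/mgmt.cer")"
```
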

 

 

Part 2. Upload the cer file as a management certificate of the subscription.

 

1. In the subscription, search for "certificate".

2. Pick Management certificates.

3. Upload the cer file as a management certificate.

4. The management certificate now appears in the Azure Portal.

 


 

 

Part 3. How to use the management certificate to verify the Azure Service Manager (ASM) resources in Azure DevOps pipeline.

 

1. In the Library, open Secure files and upload the pfx certificate as a secure file.


 

 

2. Create a PowerShell script like the one below for testing.

 

 

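# $input1 is the path of the pfx file downloaded by the Download secure file task.
param ($input1)

Write-Host "Script test.ps1 ..."
$PSVersionTable

# Force TLS 1.2 for the calls made by the Azure cmdlets.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# Load the management certificate, including its private key, from the pfx file.
$SigningCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$SigningCert.Import($input1, "<password>", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"DefaultKeySet")

# Authenticate to the subscription with the certificate and make it the current one.
Set-AzureSubscription -SubscriptionName "<subscription name>" -SubscriptionId "<subscription id>" -Certificate $SigningCert
Select-AzureSubscription -SubscriptionName "<subscription name>"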

 

 

 

3. Add two tasks to the pipeline: Download Secure file and PowerShell Script.

 


 

 

4. Configure the Download secure file task.

 


 

 

5. Set up the script path and arguments of the PowerShell Script task.

 


 

6. We can successfully get the cloud service deployment information with the Get-AzureDeployment command.

 

Here is an example we used to get the deployment details in the cloud service. https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure.service/get-azuredeployme...

 

Get-AzureDeployment

 


 
