Thursday, 9 July 2015

Adding certificates to Azure Automation was not easy

Ok, so I decided I wanted to start looking at Azure Runbooks. I thought that, rather than do what I normally do and go in blind without any knowledge of Runbooks, I'd first watch some of the free stuff on Microsoft Virtual Academy. Apart from my being easily distracted when sitting there watching people talk, it helped me understand why I couldn't get to my subscription (ok, you got me, I did try and have a go before reading up on it).

I got to the part where you add a certificate to the Runbooks assets which you then later use for the runbook to authenticate against our Azure subscription.  'This should be a 5 second job' I thought. I'd previously created a cert from our Microsoft Certificate server and exported the PFX and set a password.

Could I upload this to the assets - NO!!  It kept complaining with:

The certificate couldn't be created. For .pfx certificate files, ensure that the password is correct.

I read some articles that said to remove special characters, and others that said to wait 24 hours.  I couldn't wait, so I tried all sorts of combinations of passwords, asset names and certificate names. Still no joy.

After several frustrating hours, I decided to raise a MS support ticket.  Whilst waiting for them to reply I decided to try a self-signed certificate and upload it.  STRAIGHT IN!!  Hooray! It worked.

So the solution is to download the SDK for Windows 8/8.1 and run makecert with the following syntax:

C:\Program Files (x86)\Windows Kits\8.1\bin\x86>makecert.exe -r -n "CN=DevAzureAutomationCert" -pe -a sha256 -len 2048 -ss My "c:\temp\DevAzureAutomationCert.cer"

-pe makes the private key exportable; the rest is self-explanatory.  With makecert you get a much longer expiry than a proper certificate-authority-issued cert anyway.
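The same certificate can be produced with the built-in PKI cmdlets instead of makecert; this is an added example, not from the original post. It assumes Windows 10 / Server 2016 or later, the CurrentUser store, a .pfx file name and a two-year validity, and it re-opens the exported PFX with its password before upload, which is the condition the portal error refers to.

```powershell
# Added example. File names, store location and validity period are assumptions.
$subject = 'CN=DevAzureAutomationCert'                      # subject used in the post
$outDir  = 'C:\temp'                                        # output folder used in the post
$cerPath = Join-Path $outDir 'DevAzureAutomationCert.cer'
$pfxPath = Join-Path $outDir 'DevAzureAutomationCert.pfx'   # assumed file name

# Prompt for the PFX password so it is never stored in the script or in history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Equivalent of: makecert -r -pe -a sha256 -len 2048 -ss My
$cert = New-SelfSignedCertificate -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(2)                        # assumed validity period

# Public part (.cer) and password-protected private key bundle (.pfx).
Export-Certificate    -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Re-open the PFX with the same password before uploading it as an asset.
try {
    $check = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $pfxPath, $pfxPassword)
} catch {
    throw "PFX at $pfxPath could not be opened with the supplied password: $($_.Exception.Message)"
}
if (-not $check.HasPrivateKey) {
    throw "PFX at $pfxPath does not contain a private key."
}
if ($check.Thumbprint -ne $cert.Thumbprint) {
    throw 'PFX thumbprint does not match the certificate that was just created.'
}

# Summary of what will be uploaded.
[pscustomobject]@{
    Subject       = $check.Subject
    Thumbprint    = $check.Thumbprint
    SignatureAlgo = $check.SignatureAlgorithm.FriendlyName
    KeySizeBits   = $check.PublicKey.Key.KeySize
    NotAfter      = $check.NotAfter
    Pfx           = $pfxPath
}
```

The exported .pfx holds the private key that authenticates to the subscription, so delete the copy in the output folder once the asset has been created.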

Hope this saves someone a lot of pain.