Automate cloud operations with Azure automation (3)

Source: Internet
Author: User
Tags openssl x509 pfx file

How Azure Automation authenticates: certificates

This approach is recommended for Automation authentication. Its advantages are high security and an expiration time that you control yourself. The downside is that generating a certificate on Windows is cumbersome, and the certificate must be uploaded both to Azure management and to Automation.

Automation requires two files: a .pfx certificate, which the Automation side uses to connect to Azure, and a .cer file, which is the certificate file on the Azure management side. The two files must match each other.

To create the certificates, the method I personally recommend, or at least the one I like to use, is the open source OpenSSL tool: a few commands and it is done. I installed it in Ubuntu on Windows on my local machine, which is very convenient. Anyone interested can refer to:

http://cloudapps.blog.51cto.com/3136598/1761954

Generating certificates with OpenSSL on Linux:

  1. Most Linux distributions ship with OpenSSL; install it if it is missing (you can of course also use Windows). The first step is to generate the server-side X.509 certificate file and key. Remember the password you set here:

    $ openssl req -x509 -days 365 -newkey rsa:1024 -keyout server-key.pem -out server-cert.pem


  2. Then use OpenSSL with the PEM certificate and key to generate the PFX file required by Azure Automation:

    $ openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out mycert.pfx


  3. Finally, use the PEM file to generate the CER file required on the Azure management side:

    $ openssl x509 -inform pem -in server-cert.pem -outform der -out mycert.cer
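
Because the .pfx and the .cer must match, it is worth confirming before upload that both carry the same certificate. The shell functions below are an added example, not part of the original post: they compare SHA-256 fingerprints and check remaining validity with OpenSSL. The function names and the `PFX_PASS` environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm a .pfx and a .cer carry the same certificate.
# The PFX password is read from the PFX_PASS environment variable
# (an assumption of this sketch) so it never appears in the process list.

# Print the SHA-256 fingerprint of the client certificate inside a PFX file.
pfx_fingerprint() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print the SHA-256 fingerprint of a DER-encoded .cer file.
cer_fingerprint() {
    openssl x509 -inform der -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2
}

# Return 0 only when both files parse and their fingerprints are identical.
# A wrong password or a corrupt file yields an empty fingerprint and fails.
pfx_matches_cer() {
    pfx_fp=$(pfx_fingerprint "$1")
    cer_fp=$(cer_fingerprint "$2")
    [ -n "$pfx_fp" ] && [ -n "$cer_fp" ] && [ "$pfx_fp" = "$cer_fp" ]
}

# Return 0 when the .cer is still valid N days from now (default 30).
cer_valid_for_days() {
    openssl x509 -inform der -in "$1" -noout \
        -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}
```

With the files from the steps above, `PFX_PASS='...' pfx_matches_cer mycert.pfx mycert.cer && echo match` confirms the pair before it is uploaded.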


Generating certificates with Windows MakeCert

You can also use the Windows MakeCert tool to generate the CER and PFX files required by Azure.

  1. First download the Windows SDK for Windows 10 or Windows 8:

    https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk

    https://developer.microsoft.com/en-us/windows/downloads/windows-8-sdk

  2. After the installation completes, you can find the MakeCert command-line tool under Windows Kits in Program Files. Use MakeCert to generate the CER file:

    makecert.exe -sky exchange -r -n "CN=AzureAutomation" -pe -a sha1 -len 2048 -ss My "AzureAutomation.cer"


  3. After generating the CER file, use PowerShell to generate the PFX file. Open PowerShell with Administrator privileges:

    # "Myautomation" is the PFX password; you need it when importing the certificate into Azure Automation
    $MyPwd = ConvertTo-SecureString -String "Myautomation" -Force -AsPlainText

    # "AzureAutomation" is the name of the certificate generated with MakeCert above
    $AzureCert = Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -match "AzureAutomation"}

    # Export the certificate to a PFX file
    Export-PfxCertificate -FilePath C:\AzureAutomation.pfx -Password $MyPwd -Cert $AzureCert


Using certificates

Whether you generated the certificates on Linux or on Windows, make sure you have an X.509 CER certificate and a password-protected PFX certificate. The CER file is uploaded as the management certificate, and the PFX file is added as an asset that is passed to the runbook as the authorization credential.

  1. Upload the CER file as an Azure management certificate: log in to the Azure Portal, select Settings, then Management Certificates, select Upload at the bottom, choose the .cer file you generated in the steps above, and click OK:


  2. Open the Automation account, select Assets, and choose Add Setting from the menu at the bottom:


  3. For the type to add, select Add Credential, and for the credential type select Certificate:


  4. Select the PFX file generated in the steps above, enter the password, and click OK to complete the upload:


The following sections describe how to use credentials for validation.

