The goal of this is to create a console application example of how to create a self signed certificate or to have one signed by Let's Encrypt.
Run the following in Bash or WSL:
az group create --name KeyVaultDemo --location westus2
az keyvault create --name mykeyvaultdemo --resource-group KeyVaultDemoThen run the following in Bash or WSL to create an Azure AD Application Registration:
Note to those poor souls who are not administrators inside their Azure AD tenant, this script will not work for you. Please send it to your administrator so that it can get the admin consent it needs to run KeyVault commands.
sudo apt install jq
./create-app.shCopy the output into the values below inside appsettings.json
Please create the following configuration inside your appsettings.json
{
"Settings": {
"AzureCloudInstance": "AzurePublic",
"TenantId": "Tenant Id from Azure AD",
"ClientId": "Client Id from Azure AD Application Registration",
"SubscriptionId": "Subscription Id for Azure",
"VaultBaseUri": "The Azure KeyVault Base Uri",
"LetsEncryptUri": "Let's Encrypt Base Uri (most likely https://acme-v02.api.letsencrypt.org/)",
"LetsEncryptContacts": "The contact email address registered to your DNS under Admin Contact"
}
}Finally modify the Program.cs to replace the values for the following:
// Change variables below to configure the application.
// Name of the self signed certificate in keyvault.
var selfSignedKeyVaultName = "";
// Name of the certificate signed by Let's Encrypt.
var letsEncryptedKeyVaultName = "";
// The subject for the self signed certificate.
// Most likely something like CN=contoso.com
var subjectName = "";
// Subject alternative names
// Most likely contoso.com
var subjectAlternativeNames = new List<string>();
// The type of certificate you'd like to request for.
var keyProperties = new KeyProperties()
{
KeyType = JsonWebKeyType.EllipticCurve,
Curve = JsonWebKeyCurveName.P256,
};The majority of this code is based on an awesome Azure Functions application that allows you to submit a certificate request against the function app and create a LetsEncrypt signed certificate. That repository is over at azure-keyvault-letsencrypt and was built by Tatsuro Shibamura.
