Upload your Own Certificate to Azure Automation

There can be requirement of uploading your own self signed certificate or you organizational approved Certificate to Azure Run As account.

This article will assist you in doing that, some admins do it, so they do not have to renew every year

First let us create a certificate using New-SelfSignedCertificate powershell command.

New-SelfSignedCertificate -Subject ‘CN=AutomationRunAsCert’ -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm ‘RSA’ -HashAlgorithm ‘SHA256’ -Provider ‘Microsoft Enhanced RSA and AES Cryptographic Provider’ -NotAfter (Get-Date).AddYears(10)

Above command will generate the self-signed certificate with validity of 10 years and will store it in your machine local certificate store.

Now extract this certificate from your computer using MMC:

You will find the certificate in the personal store, export it with private key

Select all check boxes, we will remove the certificate from the computer after export.

Choose the complex password, select the location to store the cert on next window and finish the wizard.

Delete the cert from the personal store.

Note: Save this in secure place

Now we will upload private certificate to azure automation run as account.

Go to Azure Automation Account à Certificates

Delete the existing Certificate

Add your own Certificate, Certificate Name should always be AzureRunAsCertificate

I do not want to mark it as exportable as I have already stored it in a safe place and do not want anyone with rights export the private key.

Click on it after successful import and note the Thumbprint.

Now go to Connections:

Update the Thumbprint. (Note down the app id)

Although it is ready to be used with your own cert, but I will do one extra step and search for the service principal of the Azure run As account and remove the old certificate from there as well.

Go to APP registrations and search for the APP id that you have copied from the connections.