After creating your DigiCert CertCentral API Key and gathering your Organization ID and CertCentral Account ID, you can begin ordering your DigiCert SSL/TLS certificates from your Azure Key Vault account.
To order your certificates, use Azure PowerShell version 2.1.0. If you don’t have this version of PowerShell, you can access it here:
https://github.com/Azure/azure-powershell/releases/tag/v2.1.0-September2016.
If you run into problems while running these Azure PowerShell commands, contact your Microsoft account representative.
Notice
The Azure Key Vault to CertCentral integration only supports ordering SSL/TLS certificates.
The variables in these instructions have been assigned sample values for use as reference. Please change the values appropriately.
Open a new PowerShell window and run this command to log in to your Azure Key Vault account.
Login-AzureRMAccount
If you already have a resource group you can use, you don't need to create a new one.
Define $resourceGroupName and $resourceGroupLocation variables
Run these commands to define your variables.
$resourceGroupName = "myResourceGroup"
$resourceGroupLocation = "West Us"
Create resource group
Using the defined variables, run this command to create the resource group.
New-AzureRMResourceGroup -Name $resourceGroupName -Location $resourceGroupLocation
If you already have a vault you can use, you don't need to create a new one.
Define $vaultName and $vaultLocation variables
Run these commands to define your variables.
$vaultName = "myVaultName"
$vaultLocation = "West Us"
Create vault
Using the defined variables, run this command to create the vault.
New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroupName -Location $vaultLocation -Sku Premium
Run the command below to create an organization for the issuer. This command also creates a $org variable to use in other commands later.
$org = New-AzureKeyVaultCertificateOrganizationDetails -Id OrganizationIDfromDigiCertAccount
Run this command to create and define the $secureApiKey variable.
$secureApiKey = ConvertTo-SecureString DigiCertCertCentralAPIKey -AsPlainText -Force
This step creates the connection between your Azure Key Vault account and your DigiCert CertCentral account.
Define $accountId and $issuerName variables
Run these commands to define your variables.
$accountId = "myDigiCertCertCentralAccountID"
$issuerName = "MyIssuerName"
Create issuer
Using the defined variables, run this command to create an issuer.
Set-AzureKeyVaultCertificateIssuer -VaultName $vaultName -IssuerName $issuerName -IssuerProvider DigiCert -AccountId $accountId -ApiKey $secureApiKey -OrganizationDetails $org
Using the defined variables, run the command below to create a policy. This command also creates a $certificatePolicy variable to use in other commands later.
$certificatePolicy = New-AzureKeyVaultCertificatePolicy -SecretContentType application/x-pkcs12 -SubjectName "CN=myCommonName.com" -ValidityInMonths 12 -IssuerName $issuerName -RenewAtNumberOfDaysBeforeExpiry 60
Define $certificateName variable
Run this command to define your variable.
$certificateName = "myCertificateName"
Request your SSL/TLS certificate
Using the defined variables, run this command to request an SSL/TLS certificate.
Add-AzureKeyVaultCertificate -VaultName $vaultName -CertificateName $certificateName -CertificatePolicy $certificatePolicy
Using the defined variables, run the command below to check the status of your certificate request to see if it is "complete".
Get-AzureKeyVaultCertificateOperation -VaultName $vaultName -CertificateName $certificateName
Using the defined variables, run the command below to access your issued SSL/TLS certificate.
Get-AzureKeyVaultCertificate -VaultName $vaultName -CertificateName $certificateName
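Because DigiCert issuance is asynchronous, the request above can sit in progress for a while. The following added script (not part of the DigiCert instructions) polls the operation until it completes or fails, then retrieves the issued certificate and checks its common name and validity window before it is put into use. It assumes the $vaultName and $certificateName variables from the steps above are defined in the current session, and it assumes the property names of the AzureRM Key Vault objects (Status, ErrorCode, ErrorMessage on the operation; Certificate and Name on the certificate).

```powershell
# Added example, not from the DigiCert page. Assumes $vaultName and
# $certificateName are already set, and assumes the object property names
# named in the lead-in from the AzureRM Key Vault module.

function Wait-KeyVaultCertificateIssued {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $CertificateName,
        [int] $TimeoutMinutes = 30,
        [int] $PollSeconds = 30
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $op = Get-AzureKeyVaultCertificateOperation -VaultName $VaultName -CertificateName $CertificateName
        if ($op.Status -eq 'completed') { return $op }
        # A failed request surfaces as an error on the operation rather than as an exception
        if ($op.ErrorMessage) {
            throw "Certificate request failed: $($op.ErrorCode) $($op.ErrorMessage)"
        }
        Write-Host "Status: $($op.Status); checking again in $PollSeconds s"
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    throw "Timed out after $TimeoutMinutes minutes (last status: $($op.Status))"
}

function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $CertificateName,
        [Parameter(Mandatory)] [string] $ExpectedCommonName,
        [int] $RenewBeforeDays = 60   # matches -RenewAtNumberOfDaysBeforeExpiry in the policy above
    )
    $kvCert = Get-AzureKeyVaultCertificate -VaultName $VaultName -CertificateName $CertificateName
    $x509 = $kvCert.Certificate   # X509Certificate2 (public part only; the key stays in the vault)
    $cn = $x509.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $now = Get-Date
    $problems = @()
    if ($cn -ne $ExpectedCommonName) { $problems += "common name is '$cn', expected '$ExpectedCommonName'" }
    if ($x509.NotBefore -gt $now) { $problems += "not yet valid (NotBefore $($x509.NotBefore))" }
    if ($x509.NotAfter -lt $now.AddDays($RenewBeforeDays)) { $problems += "expires $($x509.NotAfter), already inside the renewal window" }
    if ($problems.Count -gt 0) { throw ("Issued certificate failed checks: " + ($problems -join '; ')) }
    [pscustomobject]@{ Name = $kvCert.Name; Thumbprint = $x509.Thumbprint; Issuer = $x509.Issuer; NotAfter = $x509.NotAfter }
}

Wait-KeyVaultCertificateIssued -VaultName $vaultName -CertificateName $certificateName | Out-Null
Test-IssuedCertificate -VaultName $vaultName -CertificateName $certificateName -ExpectedCommonName 'myCommonName.com'
```

The common name passed to Test-IssuedCertificate must match the CN in the -SubjectName of the policy you created; the thumbprint it prints is the value to record for later verification of what was deployed.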