Order an SSL/TLS certificate from Key Vault account
Order DigiCert SSL/TLS certificates from your Microsoft Azure Key Vault account
After creating your DigiCert CertCentral API Key and gathering your Organization ID and CertCentral Account ID, you can begin ordering your DigiCert SSL/TLS certificates from your Azure Key Vault account.
To order your certificates, use Azure PowerShell version 2.1.0. If you don’t have this version of PowerShell, you can access it here:
https://github.com/Azure/azure-powershell/releases/tag/v2.1.0-September2016.
If you run into problems while running these Azure PowerShell commands, contact your Microsoft account representative.
Notice
The Azure Key Vault to CertCentral integration only supports ordering SSL/TLS certificates.
Order your SSL/TLS certificate using Azure PowerShell
The variables in these instructions have been assigned sample values for use as reference. Please change the values appropriately.
STEP 1: Open PowerShell and log in
Open a new PowerShell window and run this command to log in to the Azure account (subscription) that holds, or will hold, your Key Vault.
Login-AzureRmAccount
STEP 2: Create a resource group
If you already have a resource group you can use, you don't need to create a new one.
Define $resourceGroupName and $resourceGroupLocation variables
Run these commands to define your variables.
$resourceGroupName = "myResourceGroup"
$resourceGroupLocation = "West US"
Create resource group
Using the defined variables, run this command to create the resource group.
New-AzureRmResourceGroup -Name $resourceGroupName -Location $resourceGroupLocation
STEP 3: Create a vault
If you already have a vault you can use, you don't need to create a new one.
Define $vaultName and $vaultLocation variables
Run these commands to define your variables.
$vaultName = "myVaultName"
$vaultLocation = "West US"
Create vault
Using the defined variables, run this command to create the vault.
New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroupName -Location $vaultLocation -Sku Premium
STEP 4: Create an organization for the issuer
Run the command below to create the organization details for the issuer, using the Organization ID from your CertCentral account. This command also creates a $org variable to use in other commands later.
$org = New-AzureKeyVaultCertificateOrganizationDetails -Id "OrganizationIDfromDigiCertAccount"
STEP 5: Create $secureApiKey variable
Run this command to create and define the $secureApiKey variable, which holds your CertCentral API key as a SecureString. Note that a key typed as a literal on the command line, as in this sample, is recorded in your PowerShell command history; clear that history afterwards, or prompt for the key with Read-Host -AsSecureString instead.
$secureApiKey = ConvertTo-SecureString DigiCertCertCentralAPIKey -AsPlainText -Force
STEP 6: Create issuer
This step creates the connection between your Azure Key Vault account and your DigiCert CertCentral account.
Define $accountId and $issuerName variables
Run these commands to define your variables.
$accountId = "myDigiCertCertCentralAccountID"
$issuerName = "MyIssuerName"
Create issuer
Using the defined variables, run this command to create an issuer.
Set-AzureKeyVaultCertificateIssuer -VaultName $vaultName -IssuerName $issuerName -IssuerProvider DigiCert -AccountId $accountId -ApiKey $secureApiKey -OrganizationDetails $org
STEP 7: Create policy
Using the defined variables, run the command below to create a policy. This command also creates a $certificatePolicy variable to use in other commands later. The sample policy requests a 12-month certificate for the given subject, stores it as a PKCS#12 secret, and tells Key Vault to renew it through the issuer 60 days before it expires.
$certificatePolicy = New-AzureKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" -SubjectName "CN=myCommonName.com" -ValidityInMonths 12 -IssuerName $issuerName -RenewAtNumberOfDaysBeforeExpiry 60
STEP 8: Request an SSL/TLS certificate
Define $certificateName variable
Run this command to define your variable.
$certificateName = "myCertificateName"
Request your SSL/TLS certificate
Using the defined variables, run this command to request an SSL/TLS certificate.
Add-AzureKeyVaultCertificate -VaultName $vaultName -CertificateName $certificateName -CertificatePolicy $certificatePolicy
STEP 9: Check request status
Using the defined variables, run the command below to check the status of your certificate request. The Status property reads "inProgress" until DigiCert has issued the certificate and "completed" once it has; if the request fails, the ErrorCode and ErrorMessage properties of the operation say why. Issuance is asynchronous, so you may need to run this command more than once.
Get-AzureKeyVaultCertificateOperation -VaultName $vaultName -CertificateName $certificateName
STEP 10: Access your issued SSL/TLS certificate
Using the defined variables, run the command below to retrieve your issued SSL/TLS certificate together with its metadata (thumbprint, expiry date, and the IDs of the backing key and secret in the vault).
Get-AzureKeyVaultCertificate -VaultName $vaultName -CertificateName $certificateName
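The ten steps above as one end-to-end script. This is an added example, not code from the DigiCert article or the Azure PowerShell project; every name, ID and domain in it is a placeholder you must replace. It differs from the step-by-step commands in three ways a practitioner usually wants: it reuses an existing resource group and vault rather than failing on re-runs, it prompts for the CertCentral API key with Read-Host -AsSecureString so the key never appears as a literal in the command history, and it polls the certificate operation until the Status property reports "completed" (or an error or timeout occurs) before fetching the certificate.

```powershell
# Added end-to-end example (not part of the original article). Requires the
# AzureRM modules used above. All values below are placeholders.

$resourceGroupName = "myResourceGroup"
$location          = "West US"
$vaultName         = "myVaultName"
$issuerName        = "MyIssuerName"
$certificateName   = "myCertificateName"
$subjectName       = "CN=myCommonName.com"
$accountId         = "myDigiCertCertCentralAccountID"     # CertCentral account ID (placeholder)
$organizationId    = "OrganizationIDfromDigiCertAccount"  # CertCentral organization ID (placeholder)

Login-AzureRmAccount

# Reuse the resource group and vault if they already exist.
if (-not (Get-AzureRmResourceGroup -Name $resourceGroupName -ErrorAction SilentlyContinue)) {
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location | Out-Null
}
if (-not (Get-AzureRmKeyVault -VaultName $vaultName -ErrorAction SilentlyContinue)) {
    New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroupName `
        -Location $location -Sku Premium | Out-Null
}

# Prompt for the API key instead of typing it as a literal, so it is not
# written to the PowerShell command history file.
$secureApiKey = Read-Host -Prompt "DigiCert CertCentral API key" -AsSecureString

# Bind the vault to the CertCentral account (steps 4-6).
$org = New-AzureKeyVaultCertificateOrganizationDetails -Id $organizationId
Set-AzureKeyVaultCertificateIssuer -VaultName $vaultName -IssuerName $issuerName `
    -IssuerProvider DigiCert -AccountId $accountId -ApiKey $secureApiKey `
    -OrganizationDetails $org | Out-Null

# Policy: 12-month certificate, stored as PKCS#12, auto-renewed 60 days before expiry (step 7).
$certificatePolicy = New-AzureKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" `
    -SubjectName $subjectName -ValidityInMonths 12 -IssuerName $issuerName `
    -RenewAtNumberOfDaysBeforeExpiry 60

# Submit the request (step 8).
Add-AzureKeyVaultCertificate -VaultName $vaultName -CertificateName $certificateName `
    -CertificatePolicy $certificatePolicy | Out-Null

# Poll the pending operation (step 9). Issuance happens on the CA side, so the
# status can stay "inProgress" for a while; stop after a bounded wait.
$deadline = (Get-Date).AddMinutes(30)
do {
    Start-Sleep -Seconds 30
    $op = Get-AzureKeyVaultCertificateOperation -VaultName $vaultName -CertificateName $certificateName
    Write-Host ("{0} status={1} {2}" -f (Get-Date -Format "HH:mm:ss"), $op.Status, $op.StatusDetails)
    if ($op.ErrorMessage) {
        throw "Certificate request failed: $($op.ErrorCode) $($op.ErrorMessage)"
    }
} while ($op.Status -ne "completed" -and (Get-Date) -lt $deadline)

if ($op.Status -ne "completed") {
    throw "Timed out waiting for '$certificateName' to be issued; re-run Get-AzureKeyVaultCertificateOperation later."
}

# Retrieve the issued certificate (step 10) and show what was stored.
$cert = Get-AzureKeyVaultCertificate -VaultName $vaultName -CertificateName $certificateName
$cert | Format-List Name, Thumbprint, Expires, KeyId, SecretId
$cert.Certificate.Subject    # X509Certificate2 public part; the private key stays in the vault
```

The private key never leaves the vault through this path: Get-AzureKeyVaultCertificate returns only the public certificate and the IDs of the key and secret objects, and anything that needs the PKCS#12 bundle must be granted access to the secret separately under the vault's access policy.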