Install-RMAzureVmCert

Function Install-WinRMAzureVmCert {
<#
.SYNOPSIS
    Downloads and installs the certificate created or 
    initially uploaded during creation of a Windows based
    Azure Virtual Machine.
.DESCRIPTION
    Downloads and installs the certificate created (or uploaded)
    during the creation of a Windows based Azure Virtual Machine. 
    Running this function obtains and installs the certificate into
    your local machine certificate store. Writing to the localhost's
    cert store requires PowerShell to run elevated. Once the
    certificate is installed, you can connect to Azure VMs using SSL
    to improve security. 
.NOTES
    File Name  : Install-WinRmAzureVmCert.ps1
    Author     : Thomas Lee - tfl@psp.co.uk
    Requires   : PowerShell Version 3.0, Azure module 8.12
    Tested     : PowerShell Version 5
.PARAMETER SubscriptionName
    The name of the Azure subscription whose VMs you want to get
    certificates from. Use quotes around subscription names
    containing spaces.
.PARAMETER ServiceName
    The name of the Azure cloud service the virtual machine is
    deployed in.
.PARAMETER VmName
    The name of the Azure virtual machine to install the 
   certificate for. 
.EXAMPLE
    Install-WinRmAzureVMCert -SubscriptionName "my subscription" `
           -ServiceName "mycloudservice" -Name "myvm1" 
#>
[Cmdletbinding()]
param(
[string] $SubscriptionName, 
[string] $CloudServiceName, 
[string] $VMName)

Function IsAdmin
{
Write-Verbose 'Checking user is an Admin'
$IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator") 
Write-Verbose "User is admin: [$IsAdmin]"
Return $IsAdmin
}

# First, ensure the user is admin and that the VM exists
if((IsAdmin) -eq $false)
{
  Write-Error "Must run PowerShell elevated to install WinRM certificates."
  return
}
If (-not (Get-AzureVM -ServiceName $CloudServiceName -Name $VMName))
 {
   Write-Error "VM $VMName does not exist."
   return
 }

 # Pre-reqs OK so let's get started...
 Write-Verbose "Getting WinRM Certificate for Service: [$CloudServiceName] and VMname: [$VMName]"
$AzureVM   = (Get-AzureVM -ServiceName $CloudServiceName -Name $VMname).vm
$WinRmVmTp = $AzureVM.DefaultWinRMCertificateThumbprint
$AzureX509cert = Get-AzureCertificate -ServiceName $CloudServiceName -Thumbprint $WinRmVmTp -ThumbprintAlgorithm sha1
Write-Verbose "Found certificate with thumbprint: $WinRmVmTp"

# Now get cert into our cert store
# First create a temp file and dump the certificate data to it
$CertTempFile = [IO.Path]::GetTempFileName()
Write-Verbose "Using temp file: [$CertTempFile]"
$AzureX509cert.Data | Out-File $CertTempFile
Write-Verbose 'Temp file contains cert data'

# Create a certificate object from this file
$CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certTempFile

# Now get the local machine's trusted root store
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
Write-Verbose "[$($store.location)] [$($store.name)] cert store found sucessfully"

# Now Add the cert object to the store
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($CertToImport)
$store.Close()
Write-Verbose 'Certificate written to store'

# And nuke the temp file	
Remove-Item $certTempFile
Write-Verbose 'Temp file removed'
}
Technorati Tags: Azure,Azure VM