Azure CLI for Creating Certificates to use with Azure Compute ASM

Ben Stegink – Azure, node.js

Recently I’ve been playing around with Node.js, a Raspberry Pi and Azure (more on that in the next blog post).

Since all my VMs have been around a while, they are in ASM mode and not ARM mode, so I was using the azure-asm-compute module for Node.js. However, this module uses certificates to authenticate you to the service, and not Azure AD. A little frustrated with that aspect, but that’s another story. The purpose of this blog post is how to set up those certificates. I struggled with this for quite a while and couldn’t find any good documentation on how to accomplish it.

According to the documentation, there are two ways to do this:

  1. Upload your own certificate – I couldn’t get this method working
  2. Use Azure CLI – This worked, but took me a while to find the correct steps. So I’ll walk through this method below.

Using Azure CLI to create a certificate to authenticate with Azure Compute

  1. Install the Azure CLI tools. I’m on a Mac, have Node.js and NPM installed and running, so this was just a simple matter of running: npm install -g azure-cli
  2. To view help and some of the commands, just type azure in your terminal window.
  3. Log in to Azure with azure login; it will prompt you to enter a username and password in the terminal window.
  4. If you want to view a list of all your accounts and view the currently active one, type azure account list
  5. Select the appropriate subscription with azure account set [your account name]
  6. Next, make sure you are logged into the still non-preview Azure Portal with the same account you’re using with Azure CLI.
  7. Back in the terminal, use azure account download to download the publishing files.
  8. You’ll be prompted to save a file from your browser. Don’t freak out if the default file name starts with one of your other subscriptions. In my case, the filename actually contained ALL of my subscription names.
  9. Next, run azure account import [path to publishing file]. I know… you just downloaded it from Azure, and now you have to re-upload/import it… but trust me, this will work.
  10. Run the command azure account cert export. Yes, now you’re downloading something again 🙂 This time, however, you’ll notice it’s a .pem cert file that should have a GUID for a file name that matches the subscription you set back in step 5.
  11. Finally, everything is in place to be able to use certificates to authenticate to Azure Compute! If you check the location you were in when you ran the export command in step 10, you should see your .pem file.
  12. The last piece of the puzzle is just to plug in your subscription ID and the path to your .pem file in your code for use with the azure-asm-compute module. In my case I use a .json file for all my parameters/settings. Just a disclaimer: keep this .pem file and your subscription ID safe. If anyone gets their hands on both of them, they’ll be able to gain access to your compute resources in Azure!
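
A sketch of step 12 that refuses to load the credentials when either file is readable by other users. This is an added example, not code from the original post or from the azure-asm-compute project. The settings keys subscriptionId and pemPath are hypothetical names, and it assumes a POSIX file system and that the exported .pem holds both the certificate and its private key.

```javascript
// Added example. The settings keys (subscriptionId, pemPath) are hypothetical
// names for the .json settings file mentioned in step 12.
const fs = require('fs');
const path = require('path');

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function loadAsmCredentials(settingsPath) {
  const settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
  if (!GUID.test(settings.subscriptionId || '')) {
    throw new Error('subscriptionId is missing or not a GUID');
  }
  if (typeof settings.pemPath !== 'string') {
    throw new Error('pemPath is missing');
  }
  // Resolve the .pem relative to the settings file, not the working directory.
  const pemPath = path.resolve(path.dirname(settingsPath), settings.pemPath);

  // Both files together grant access to the subscription, so neither may be
  // readable, writable or executable by group or other (POSIX mode bits).
  for (const file of [settingsPath, pemPath]) {
    const mode = fs.statSync(file).mode & 0o777;
    if (mode & 0o077) {
      throw new Error(file + ' is mode ' + mode.toString(8) + '; run chmod 600 on it');
    }
  }

  const pem = fs.readFileSync(pemPath, 'utf8');
  // Assumption: the exported file carries the certificate and its private key.
  if (!/-----BEGIN CERTIFICATE-----/.test(pem) ||
      !/-----BEGIN (RSA )?PRIVATE KEY-----/.test(pem)) {
    throw new Error(pemPath + ' does not contain a certificate and a private key');
  }
  return { subscriptionId: settings.subscriptionId, pem: pem };
}

// With the azure-asm-compute package installed, the result feeds the client:
//   const computeManagement = require('azure-asm-compute');
//   const client = computeManagement.createComputeManagementClient(
//     computeManagement.createCertificateCloudCredentials(
//       loadAsmCredentials('./settings.json')));
```

Keep the settings file and the .pem out of version control as well; the permission check only covers the local copy.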

Hope this helps save someone some time!