
In my company I have an Azure environment in which SSL certificates need to be renewed. But I was given no info about them.

So I have app services that run in an ASE, with an app Gateway. The certificate for the ASE is handled, I'm trying to gather all the information I can on the app services certificate and the app gateway certificate.

With Azure CLI, running this command on the app gateway gives me a lot of data, including the serial number but not the thumbprint:

# Capture the base64 PKCS#7 data of the gateway certificate
publiccertprod1=$(az network application-gateway ssl-cert show -g RessourceGroupName --gateway-name AppGatewayName --name CertName --query publicCertData -o tsv)
# Wrap it in PEM markers (the first write truncates the file so reruns do not append duplicates)
echo "-----BEGIN PKCS7-----" > publicprod1.cert; echo "${publiccertprod1}" >> publicprod1.cert; echo "-----END PKCS7-----" >> publicprod1.cert
# Fold to 64 columns, extract the certificate and print its details
cat publicprod1.cert | fold -w 64 | openssl pkcs7 -print_certs | openssl x509 -noout -text

On the other hand, running this command on the app service gives me the thumbprint but not the serial number:

az webapp config ssl list --resource-group AppServiceRessourceGroup

So, how can I be sure it's the same certificate or not (from the internal intel I have it's a different one), and how can I get the missing serial number and thumbprint?

The internal process for certificate renewal asks me for serial numbers, so getting this one would be huge.

Thanks

Edit: as Ked Mardemootoo suggested, using the AzAppGWCert module gave me all the necessary details. You can find it here: https://github.com/Welasco/AzureRMAppGWCert

Xav Sc
  • Have you also tried the PowerShell version of the command? `Get-AzAppGWCert -RG -AppGWName ` See the following for more info: https://stackoverflow.com/questions/52878174/ssl-certificate-expiration-date-in-application-gateway I would have posted it as an answer, but for some reason when I tried it on my end, all fields, except the top 3, were empty – Ked Mardemootoo Oct 08 '21 at 03:38
  • Perfect! thanks a lot – Xav Sc Oct 08 '21 at 09:25
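
An added example (not part of the original question or its answers) that extends the question's openssl pipeline to print both the serial number and the thumbprint from the gateway's `publicCertData`, so the thumbprint can be compared with the one listed for the app service. It relies on the Azure thumbprint being the certificate's SHA-1 fingerprint in uppercase hex without colons; the function names are hypothetical and the sample certificate is constructed locally in place of real `az` output.

```shell
#!/usr/bin/env bash
# Turn publicCertData (single-line base64 PKCS#7) into PEM certificates,
# using the same PEM wrapping as the pipeline in the question.
pkcs7_b64_to_pem() {
    { echo "-----BEGIN PKCS7-----"
      printf '%s\n' "$1" | fold -w 64
      echo "-----END PKCS7-----"; } | openssl pkcs7 -print_certs
}

# Both helpers read PEM on stdin; openssl x509 parses only the first
# certificate, so for a chain this reports the first entry in the bundle.
cert_serial() {
    openssl x509 -noout -serial | cut -d= -f2
}
cert_thumbprint() {
    openssl x509 -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Case-insensitive comparison against a thumbprint reported elsewhere,
# for example the one listed for the app service certificate.
same_thumbprint() {
    [ "$(printf '%s' "$1" | tr 'a-f' 'A-F')" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# --- Constructed sample: a throwaway self-signed certificate ---
workdir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed.example" \
    -keyout "$workdir/key.pem" -out "$workdir/cert.pem" 2>/dev/null
# Single-line base64 PKCS#7, the shape stored in publiccertprod1 in the question
sample_b64=$(openssl crl2pkcs7 -nocrl -certfile "$workdir/cert.pem" | grep -v '^-----' | tr -d '\n')

gw_pem=$(pkcs7_b64_to_pem "$sample_b64")
gw_serial=$(printf '%s\n' "$gw_pem" | cert_serial)
gw_thumb=$(printf '%s\n' "$gw_pem" | cert_thumbprint)
echo "Serial:     $gw_serial"
echo "Thumbprint: $gw_thumb"
```

With real data, pass the value captured in `publiccertprod1` to `pkcs7_b64_to_pem` instead of `sample_b64`.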

2 Answers


As @Ked Mardemootoo suggested, using the AzAppGWCert module gave me all the necessary details. You can find it here: https://github.com/Welasco/AzureRMAppGWCert

Xav Sc

Thanks @Ked Mardemootoo, your insights helped a lot. Use the PowerShell script below to get both the Thumbprint and SerialNumber.

Before the script, you can install the required module AzureRMAppGWCert:

Install-Module -Name AzureRMAppGWCert

Use the code below to get the certificate values:

Connect-AzureRmAccount

Import-Module AzureRMAppGWCert

Get-AzureRMAppGWCert -RG <RGName> -AppGWName <AppGatewayName>


Refer to the SO thread for more info.

Delliganesh Sevanesan