OpenSSL: Generate PFX from CRT and PEM

Here’s how you can use OpenSSL to generate a PFX file from a CRT (public key) and PEM (private key) file set.

"c:\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -out -inkey -in

Note you will be prompted for the password you want to associate to the generated PFX. Choose wisely. 🙂

Hope this helps!

Posted in This and that | Leave a comment

Azure PowerShell: Scale App Service Plan to Save Money

Here’s a bit of PowerShell to scale your Azure App Service down to save money. This task could be scheduled to “size down” at night, and “size up” for business hours.

$AppServicesJson = @"
  { "ResourceGroupName": "MyAppServiceGroup", "NumberOfWorkers": 1, "AppServiceTier": "Basic", "WorkerSize": "Small" }
$AppServices = ConvertFrom-Json -InputObject $AppServicesJson
$AppServices | ForEach-Object {
  $AppServicePlan = Get-AzureRmAppServicePlan -ResourceGroupName $_.ResourceGroupName -ErrorAction SilentlyContinue # Expects only one per resource group 
  If ($null -eq $AppServicePlan) {
    Write-Warning "No AppService Plan found for Resource Group $($_.ResourceGroupName)."
  } Else {
    Write-Output "Setting $($AppServicePlan.Name) plan in resource group $($_.ResourceGroupName) to $($_.AppServiceTier) $($_.WorkerSize) with $($_.NumberOfWorkers) worker(s)..."
    Set-AzureRmAppServicePlan -ResourceGroupName $AppServicePlan.ResourceGroup -Name $AppServicePlan.Name -Tier $_.AppServiceTier -WorkerSize $_.WorkerSize -NumberofWorkers $_.NumberOfWorkers

Hope this helps!

Posted in Azure, PowerShell | Leave a comment

Azure PowerShell: Querying Kudu WebJobs API

Here’s how you can query the Kudu WebJobs API to get the publishing credentials for an Azure App Service which in turn you can use to in a Basic authorization header of an HTTP request to get WebJob status etc. If you are using deployment slots in your App Service, note the comment for the slight resource URI change in the request for publishing credentials.

$AppName = "my-web-app"
$ResourceGroupName = "MyResourceGroup"
$ResourceType = "Microsoft.Web/sites/config" ## with slots -> "Microsoft.Web/sites/slots/config"
$ResourceName = "$AppName/publishingcredentials" ## with slot -> "$AppName/$SlotName/publishingcredentials"
## Get the creds
$PublishingCredentials = Invoke-AzureRmResourceAction -ResourceGroupName $ResourceGroupName -ResourceType $ResourceType -ResourceName $ResourceName -Action List -ApiVersion 2015-08-01 -Force
$Username = $
$Password = $
#Build a basic auth header for the API request
$BasicAuthHeader = "Basic $([Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $Username, $Password))))"
# Make requests for triggered and continuous web job status:
Invoke-WebRequest -uri "" -Headers @{ Authorization = $BasicAuthHeader }
Invoke-WebRequest -uri "" -Headers @{ Authorization = $BasicAuthHeader }

Hope this helps!

Posted in Azure, PowerShell | Leave a comment

PowerShell: Generate Self-Signed Certificate and Encode to Base64

Here’s how you can generate a self-signed SSL certificate in PowerShell. Be sure to use an Administrative PowerShell session. After creating the self-signed certificate, you can also export the certificate as a .pfx file and encode the output to a base64 string. This is useful for creating resources like the Application Gateway in Azure via ARM template.

$Cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName ""
$securePwd = ConvertTo-SecureString -String "password!" -Force -AsPlainText
Export-PfxCertificate -Cert "Cert:\LocalMachine\My\$($Cert.Thumbprint)" -FilePath 'c:\temp\MyCert.pfx' -Password $securePwd
$fileBytes = Get-Content 'c:\temp\MyCert.pfx' -Encoding Byte
[System.Convert]::ToBase64String($fileBytes) | Out-File 'c:\temp\MyCert.txt'

Hope this helps!

Posted in Azure, PowerShell | Leave a comment

Azure PowerShell: Deploy Linux Custom Script Extension

Here’s how you can deploy an Azure VM Extension via PowerShell:

# Before running this, upload your bash script to an Azure storage account container, grab its name and key via PowerShell or the Azure portal
$Subscription = "MySubscription"
$ResourceGroupName = "MyResourceGroup"
$VMName = "myvm"
$Location = "eastus"
$OldCseName = "PreviousCSE"
$NewCseName = "NewCSE"
$StorageAccountName = "storageaccountname"
$StorageAccountKey = "longstorageaccountkey"
$StorageContainerName = "storageaccountcontainername"
$ScriptName = ""
Select-AzureRmSubscription -Subscription $Subscription
# You can only have one extension of each type - remove the existing one before you deploy
Remove-AzureRmVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName -Name $OldCseName -Force
# Now, set the new extension
Set-AzureRmVMExtension `
  -ResourceGroupName $ResourceGroupName `
  -VMName $VMName `
  -Location $Location `
  -Name $NewCseName `
  -Publisher "Microsoft.OSTCExtensions" `
  -ExtensionType "CustomScriptForLinux" `
  -TypeHandlerVersion "1.5" `
  -Settings @{"fileUris" = [Object[]]"https://$$StorageContainerName/$ScriptName";"commandToExecute" = "bash $ScriptName"} `
  -ProtectedSettings @{"storageAccountName" = $StorageAccountName;"storageAccountKey" = $StorageAccountKey}
# If your script isn't idempotent, remove it after success
Remove-AzureRmVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName -Name $NewCseName -Force

Hope this helps!

Posted in Azure, Bash, PowerShell | Leave a comment

So, you can’t delete a folder in Windows because of “Path too long” errors?

If you have got yourself into a situation where you can’t delete a directory in Windows because the folder structure is too deep for Windows, you can use robocopy to save the day. Here’s a little snippet for wiping out those “path too long” directory trees:

mkdir tmp
robocopy tmp target_too_long_for_windows_delete /s /mir
rmdir tmp
rmdir target_too_long_for_windows_delete

Hope this helps!

Posted in Batch Files, Windows | Leave a comment