How to make a secure connection to Azure subscription using PowerShell? (Apr 23, 2017)

How to make a secure connection to Azure subscription using PowerShell?


We need to make a secure connection to our Azure subscription, and in this article I will show you how to do this using a couple of PowerShell commands.

 In order to make secure connection to our Azure subscription, there are two main operations to do:

  1. Download the Azure settings file for the subscription you are using
  2. Import the certificate to user’s certificate store

So to start with we have to download the Azure settings file to management PC, and that contains a certificate which we then import into the current user’s certificate store.

There are a couple of partial cmdlets to complete these operations. The first command is Get-AzurePublishSettingsFile, and we just need to type this into the PowerShell prompt and press enter:

That within a few seconds should automatically open up a browser window.  


 Now I need to enter the credentials for an admin account for the subscription. You can see in the screenshot below at the bottom of the browser widow it’s the PublishSettinsFiel that has been downloaded from my Pay-As-You-Go subscription.


So I am going to take this file and copy this into my C:\AzureCertificateFile folder.

 The second command is Import-AzurePublishsfile and it specifies the location of the Azure Settings file that we just downloaded and it extracts the certificate and publishes it to the current user’s certificate store. So I’ll just come back to the PowerShell and type the import command:

You see that I’ve replaced the UNC with the path to the file that I just downloaded using Get-AzurePublishSettingsFile, so I press enter and we can see that the certificate has been successfully imported from my Azure subscription.

 Now that the certificate is imported, we can use PowerShell to check the name and thumbprint of the certificate.  So we’re going to use the Get-ChildItem cmdlet, and this PowerShell cmdlet can be used to query, not just the certificate store, the file system and the registry. Here all we’re going to do is have it scan recursively the certificate store on the computer and look for objects where the issuer of the certificates matches something like Azure and then to show us the friendly name, the subject and the thumbprint of those certificates that it finds.

 And press enter:

 As you can see there are two certificates installed for different subscriptions. It’s worth noting that when you import a certificate from the Azure PublishSettingsFile in this way, only the current logged on user will be able to make a connection to any certificates imported. If you want a different user to be able to access those Azure subscriptions form the same computer, you need to repeat this process for each of those users, but there is no limit to the number of certificates that you can import for each Azure subscriptions that you might have to work with. Additionally, while I am logged on to thismachine as a local admin, you don’t need to be local admin to run any of the command that we’ve executed.





Back to All Articles