I am trying to retrieve app service certificate details , but it only retrieves for the entire ResourceGroup using powershell as follows:
az webapp config ssl list --resource-group "TestResourceGroup" | ConvertFrom-Json
There are a number of app services in this resource group. I want the certificate details for a certain app service not all .
How can i get the details for a particular app service ?
You can try using az webapp config ssl show --resource-group <RG_val> --certificate-name <naked_FQDN> (not sure what you need to return). Or alternatively use a JMESPath on the az webapp config list to control what you are returning.
Thanks #mklement0, I have reproduced in my environment and got expected results as below and I followed Microsoft-Document:
$r=az webapp config ssl list --resource-group XX
$r.WebAppName.Certificate
$r | ConvertFrom-Json
XX- Name of the resource group
Related
Just want to know how can I get the service buses in the portal through powershell
I was able to access the app insights through this piece of script
az monitor app-insights component show | ConvertFrom-Json
Now I wish to access the service bus , app service and app service plans as well through powershell
I was using this
az monitor servicebus component show | ConvertFrom-Json
for service bus but it is not working.
You are using Azure CLI there, not the PowerShell modules.
If you want to list / show the details around the following services, then you need to use the corresponding Azure CLI commands:
ServiceBus
az servicebus namespace show --resource-group myresourcegroup --name mynamespace
Reference: https://learn.microsoft.com/en-us/cli/azure/servicebus/namespace?view=azure-cli-latest#az-servicebus-namespace-show
App Service
az webapp show --name MyWebapp --resource-group MyResourceGroup
Reference: https://learn.microsoft.com/en-us/cli/azure/webapp?view=azure-cli-latest#az-webapp-show
App Service Plans
az appservice plan show --name MyAppServicePlan --resource-group MyResourceGroup
Reference: https://learn.microsoft.com/en-us/cli/azure/appservice/plan?view=azure-cli-latest#az-appservice-plan-show
Here is the full CLI reference: https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest
To get service bus namespace list in your current subscription, you use below command:
az servicebus namespace list
To get the service bus queue list you below command:
az servicebus queue list --resource-group myresourcegroup --namespace-name mynamespace
If you want for topic, keep topic in place of queue in above command.
If you want to get app service plans use the below command:
az appservice plan list
Alternatively, you can use azure resource graph query like below for servicebus:
resources
| where type =~ 'microsoft.servicebus/namespaces'
You can use azure resource graph query like below to get app services:
resources
| where type == 'microsoft.web/sites'
References taken from:
https://learn.microsoft.com/en-us/cli/azure/appservice/plan?view=azure-cli-latest#az-appservice-plan-list
https://learn.microsoft.com/en-us/cli/azure/servicebus?view=azure-cli-latest
Edit:
Yes if you want apim use below query:
resources
| where type == "microsoft.apimanagement/service"
Get apim Using cli :
az account set -s "Subscription name"
$Resources = az resource list
$Resources | Where type -in "Microsoft.ApiManagement/service"
I have enabled the identity in azure web app, it has created one object id. I want to pull the object id using PowerShell, like that I want to pull all the app service using powershell command
You could use this command:
(Get-AzWebApp -Name <Your_WebApp_Name> -ResourceGroupName <Your_ResourceGroup>).Identity.PrincipalId
As per this MSDoc, we have alternate command to get the Azure WebApp Service Principal ID.
Display name must be your WebApp Name
Get-AzADServicePrincipal -DisplayName "Core52022"
To check whether you got the correct ID, you can verify it in Azure Active Directory
Navigate to the Portal => Azure AD => Enterprise applications,remove all the filters and in search box type your Web App name
Finally I got the answer for this. I try to get my identity id in my webapp, so to get this using below command in PowerShell
Command:
az webapp identity show --name yourwebappname --resource-group resrourcegroupname --query principalId
Example:
az webapp identity show --name ph-prod-blue-portal --resource-group test_resource --query principalId
you will get the below result
"abc-def-ghi-ijk-lnmkop"
I am trying to get list of web apps using az cli az webapp list. And when I try to get the diagnostic setting for the particular web app using az monitor diagnostic-settings list --resource-group nameRG --resource id. I dont get any information and logs and diagnostic settings are enabled for app services. I am not sure what i am doing wrong.
I am just trying to get the list of diagnostic settings for a resource. If you know better way please mention it.
Thanks
Usage:
az monitor diagnostic-settings list --resource Name --resource-group RGName --resource-type Microsoft.Web/sites
Or:
az monitor diagnostic-settings list --resource ID
Make sure the resource id correct like this format:
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
You could get the resource id by this command:
az webapp show --name MyWebapp --resource-group MyResourceGroup
I'm trying to use the Azure CLI to update the Incoming Client Certificate option under Web App > Configuration > General Settings > Incoming Client Certificates to use the value Allow.
Currently I can only set the value to true/false which correlates to Require/Ignore.
az webapp update --set clientCertEnabled=true--name MyWebApp --resource-group MyRsGrp
I haven't been able to find anything in the reference documentation.
https://learn.microsoft.com/en-us/cli/azure/webapp?view=azure-cli-latest#az_webapp_update
Does anyone have a nifty way to configure this setting? Thanks!
To set it to Allow, there are two properties need to be set, clientCertEnabled and clientCertMode, clientCertMode is not available in command az webapp update, you need to use az resource update.
Just use the command below, it works for me.
az resource update --name <webapp-name> --resource-group <group-name> --namespace Microsoft.Web --resource-type sites --set properties.clientCertEnabled=true properties.clientCertMode=Optional
I've a wildcard SSL that has expired, and I have the new cert (different authority) uploaded to Azure already..
..but I'd like to know if there's a way to bulk change all the sites using the old cert, over to the new cert. On normal IIS when you make a change for any one of your sites on the old cert, to the new cert, it asks you if you want to update other bindings that are using the old cert so that they also use the new cert. I've around 30 sites I need to move to the new cert and it's going to be quite a drag one by one
Is there an equivalent functionality on Azure? Powershell is acceptable if the portal.azure.com won't do it..
I've been using Azure CLI in Powershell for this. First build a CSV file or array with the values. It will need to contain:
- Web App Name
$Thumbprint
Then iterate through
$Thumbprint = "12bnhgikjbkj13kjbblahblah"
$WebApps = #("WebApp1","WebApp2","WebApp3") #OR
Foreach ($WebApp in $WebApps) {
az webapp config ssl bind --certificate-thumbprint $Thumbprint --ssl-type SNI --resource-group ResourceGroupName --name "$WebApp"
}
You can also do it with New-AzureRmWebAppSSLBinding from here. Also a guide here on how to do it.
I used the following code in Azure Cloud Shell to enumerate how many apps were using the old thumbprint and updated them to the new one. I found this easier than writing down each of the app service names.
You'll need to make sure you import your new certificate first.
az account set --subscription "My Application"
$webapp_ids=(az webapp list --query "[?hostNameSslStates.[thumbprint=='OLD_THUMBPRINT']].id" --output tsv)
az webapp config ssl bind --certificate-thumbprint "NEW_THUMBPRINT" --ssl-type SNI --ids $webapp_ids