Add-AzClassicCertificate.ps1

function Add-AzClassicCertificate {
    <#
    .SYNOPSIS
    Add a new certificate to a PaaS v1 Cloud Service
 
    .PARAMETER ServiceName
    Cloud Service to upload the certificate to
 
    .PARAMETER Certificate
    Certificate object (in memory) to upload
 
    .PARAMETER CertificateFile
    Certificate file path to upload
 
    .PARAMETER Password
    Private Key password
     
    .PARAMETER ApiVersion
    API version to use with the Resource Provider.
    Default: 2015-10-01
 
    .EXAMPLE
    Add-AzClassicCertificate -ServiceName MyCloudServiceeFile C:\LocalTemp\badcert\CN=prod-prod-keyvault1-auth-10-17.azure.com.pfx -Password $pwd -Verbose
 
    Name : sha1-E3D34E1A8B1D354F89FB2CA147701945D6330805
    ResourceId : /subscriptions/77fd10c6-6e20-4c82-a238-e38592f78346/resourceGroups/myResourceGroupMicrosoft.ClassicCompute/domainNames/MyCloudServMyCloudService9FB2CA147701945D6330805
    ResourceName : MyCloudServiceFB2CA147701945D6330805
    ResourceType : Microsoft.ClassicCompute/domainNames/serviceCertificates
    ResourceGroupName : myResourceGroupyResourceGroupyResourceGroup
    SubscriptionId : 77fd10c6-6e20-4c82-a238-e38592f78346
    Properties : @{data=MIII8TCCBtmgAwIBAgITFgAJ/Vqn3jOrBRtjeAAAAAn9WjANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMTkwOTEzMTg1OTQwWhcNMjEwOTEzMTg1OTQwWjA+MTwwOgYDVQQDEzNvYWFzLXByb2Qta2V5dmF1bHQxLWF1dGgtMTAtMTcuYXp1cmUtYXV0b21hdGlvbi5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaQ6uAPw7VFQsVxyswre34OUrRAKdbM/l6sR8Xb84Up1A/bXYmA/HgLGqac8PMO4n1eoferV/QxT67AEC46CNAOYeQ0M0z6UPdeB6VQ/wea9Bpm3WKhYTvTnBiPALLO6pQROCI8Lr/7ZOZYceN6J2Ou8zGH9ahnCBKmmFpGhH/49zHjvK+nDZMtQ+ucEtzvEvBw7mb+LrRwcY+iGdY0dG0Y0PuQhNElZ3casvs/QuDYFqwo7KNc40Xbs2i2/et404TGKuMjUXOJUaqQ7phaV7qMQExXUCGw5d8NYv8b0wnwsG/LmmKkHqeK+YUIlirAZGyGZRsfCq0O7IvflP6FrWlAgMBAAGjggSYMIIElDCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFtLAf6VgAABAMARjBEAiAaHQgZYTB11pMUJQ7K5VGLfVhUw7DAwJNadg3GuN/m8gIgRcIK4N7hKQhS9MBDGgQC3+CnaLrxE89faaxFsXyTl20AdQD2XJQv0XcwIhRUGAgwlFaO400TGTO/3wwvIAvMTvFk4wAAAW0sB/pYAAAEAwBGMEQCIASsHpwKGn2WKJpKPgL6YQaDxjqqIdDwohmCXuix93QcAiBgNiGuK7+EVuZefv9yufWaIbag0MWG+4KXJDXj8DnrugB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABbSwH+eIAAAQDAEcwRQIhAPdFkdFKxn+2YExPqgiGFilY6ZQWV+XnrEa9A9v3kIjQAiBq3nmnHE3Luj0EMSrXfyeQHPoR5dcOOwy4ZkKefrgLOQB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABbSwH+gQAAAQDAEgwRgIhAP9RxOtHnA6Yz50ApgcLq5960vzhDpzEyFTTayvluJJEAiEA/WFhjHnSQO0mXIEIbxRrXEcc/H6UBTy3gI3E+MxL8fwwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBR965YO2emyAvrgSszn7e2LVj48wDALBgNVHQ8EBAMCBLAwPgYDVR0RBDcwNYIzb2Fhcy1wcm9kLWtleXZhdWx0MS1hdXRoLTEwLTE3LmF6dXJlLWF1dG9tYXRpb24ubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCZOMB84zZHWLhvNnGC10PS3Bswf5U/flvuIQVC9zf3ad7S8R91ZzMmzZTAI8TxmlS2tqGJVkLatk2qeCQr2sy+AJhxnLrpQkc1FbkPOpkiQnUF9uqKbEg0Z/QGoHkZtLZwGtsaWs8wHGGR8r+AhkDLE6u/to6bIPSJ3gPdYr2xHJjNdJQQviFm7vKD1GtJFZid+WJEdBWNgPnltjb6mf3mJZOmold71fsJqQai6UY5b0E4nR2LFswdXRsjscIt2vFR1ghOLnIiuAtR1BJgsPOW8d8Fz56wYZ02j8FKyFDdljdFJDI3nE5kZR5A4JiV0DSkg6uA2Y7C7PZIoFAJBrsbf6RFe8dDplY3stRbFIg5+aHSiyOtxhZ3/o9kIE2YKie/b2SSU4c0OAgmSfPqAM4U3bKk4mC/kt36XdQQ2I9znshLbOfkncX9DFdCaeeFjTxyRdjwB/84VYvmrnPgW6JgZlicsfjla8L+SBzwypL6twOObKRokyZVqmFhiLOpyKQv9sLOf0cIaelfy7563uxtQxgE6n2kIMlyJESfdm1odAJ0Cjdy+t4ValQbFfN3cXbSMdp/NGmB0yLjoj7inaC50Czi/tfWbsbYQqfD4MjeHXMkk46pEAC115A0MFrxvrqRafpzVQwfxYLtHp73QrtdB6Ll+SbQKKbEhaqfMsHzdA==; thumbprint=E3D34E1A8B1D354F89FB2CA147701945D6330805; thumbprintAlgorithm=sha1}
 
 
    #>


    [CmdletBinding(DefaultParameterSetName = 'certificateFile')]
    param (
        [parameter(Mandatory, ValueFromPipelineByPropertyName, Position = 0)]
        [string[]]$ServiceName,

        [parameter(Mandatory, ParameterSetName = 'certificateObject')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        [parameter(Mandatory, ParameterSetName = 'certificateFile')]
        [ValidateScript( { Test-Path $_ })]
        [string]$CertificateFile,

        [parameter()]
        [string]$ApiVersion = '2015-10-01',

        [parameter()]
        [securestring]$Password
    )

    begin {
        if ($PSCmdlet.ParameterSetName -eq 'certificateFile') {
            try {
                $CertificateFile = Resolve-Path -Path $CertificateFile
                $certificateFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
                $certificateFlags += [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
                $certificateFlags += [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet
                $Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertificateFile, $Password, $certificateFlags)
            }
            catch {
                Write-Error $_.Exception.Message
                return $false
            }
        }

        $resourceType = 'Microsoft.ClassicCompute/domainNames/serviceCertificates/'
    }

    process {
        foreach ($service in $ServiceName) {
            Write-Verbose "Service: $service"
            $serviceObject = $null
            $serviceObject = Get-AzClassicService -ServiceName $service

            New-AzResource -ResourceType $resourceType -ApiVersion $ApiVersion -Force -ResourceName "$($serviceObject.ServiceName)/sha1-$($Certificate.Thumbprint)" -ResourceGroupName $serviceObject.ResourceGroupName -Properties @{
                'Thumbprint'          = $Certificate.Thumbprint;
                'CertificateFormat'   = 'pfx';
                'ThumbprintAlgorithm' = 'sha1';
                'data'                = [System.Convert]::ToBase64String($Certificate.RawData);
                'password'            = (Unprotect-SecureString -SecureString $Password)
            }
        }
    }
}