Exporting an Azure Application Certificate


In the previous post I wrote on how to use the fairly new feature, where, directly from Azure, it is possible to get and assign a publicly signed certificate to a Web Application.

I tested exporting the Certificate and installing it in a Windows Server 2016 on top of IIS and see if this caused any issue, which I suspected wasn’t going to, and confirmed it. This is a certificate just like any other and it can be used in whatever form one thinks best.

Note: The Certificate has to be previously issued, otherwise, there’s no point running this script, as it won’t produce anything


First, I modified a Powershell; shown below, I found the original here and made some changes because of some issues at run time in my environment.

The results of the run:

Authentication at the start of the run

It finished successfully:

It generates a password every time the script is ran. Do save it or you will not be able to access it.

There it is. The PFX, which includes the Private key, the X.509 Certificate, and the certificate chain.

Next, is to import it to Windows, ye, ok, Why? Because by doing so, I will then be able to export the private key wherever I need to.

The Import Process

Here it is, the imported certificate with private key included

And Then? Export

Export without the Private Key

Here’s the X.509 Certificate with the 2 names generated, from the Azure application

Using the Certificate in other Platform

I imported this certificate in IIS, see the pictures below

Two names, allthingscloud.rocks and www.allthingscloud.rocks

A valid certificate for allthingscloud.rocks

A valid certificate for www.allthingscloud.rocks


The certificate is completely and totally re-usable. Azure don’t make it really easy to export it, but, there’s the script, in case you want to move to another platform, you can take it with you.