Here is a PowerShell scripts to get list of websites that have access to a given Certificate.
Make sure to update Thumbprint and Resource Group name (any resource group name in the Azure Subscription) in line number 3 and 4
#Connect-AzAccount
$ResourceGroupName = "SixShotRG"
$Thumbprint = "B5EC9ED298EC6B911146CD572D518625C3A07BF2"
Write-Host ("Looking for thumbprint " + $Thumbprint + ".....")
$certSubjectName = ''
[System.Collections.ArrayList]$certWebspaces = @()
[System.Collections.ArrayList]$thumbprintSites = @()
# get the current subscription id
$resourceGroup = Get-AzResource `
-ResourceGroupName $ResourceGroupName
$subscriptionId = $resourceGroup[0].ResourceId.Split("/")[2]
# get list of resource groups in this subscription
$resourceGroupId = '/subscriptions/' + $subscriptionId `
+ '/resourceGroups'
$resourceGroups = Get-AzResource -ResourceId $resourceGroupId
Write-Host ("Found " + $resourceGroups.Count + `
" ResourceGroups in Subscription " + $subscriptionId)
foreach ($resourceGroup in $resourceGroups) {
$certificates = Get-AzResource `
-ResourceGroupName $resourceGroup.Name `
-ResourceType Microsoft.Web/certificates
Write-Host ("`tFound " + $certificates.Count `
+ " Certificates in ResourceGroup " `
+ $resourceGroup.Name)
foreach ($certificate in $certificates) {
$cert = Get-AzResource `
-ResourceGroupName $resourceGroup.Name `
-ResourceType Microsoft.Web/certificates `
-ResourceName $certificate.Name
if ($Thumbprint -eq $cert.properties.thumbprint) {
Write-Host ("`t`tFound our cert in " `
+ $cert.properties.webSpace `
+ ' webspace')
# Found our cert
$certWebspaces.Add($cert.properties.webSpace) | Out-Null
$certSubjectName = $cert.properties.subjectName
}
}
}
Write-Host ("Looking for websites that has access to this cert...")
foreach ($resourceGroup in $resourceGroups) {
$sites = Get-AzResource -ResourceGroupName $resourceGroup.Name `
-ResourceType Microsoft.Web/sites
Write-Host ("`tFound " + $sites.Count `
+ " websites in ResourceGroup " + $resourceGroup.Name)
foreach ($site in $sites) {
$s = Get-AzResource -ResourceGroupName $resourceGroup.Name `
-ResourceType Microsoft.Web/sites `
-ResourceName $site.Name
if ( $certWebspaces.Contains($s.properties.webSpace)) {
Write-Host ("`t`tFound our cert in " + $s.Name `
+ ' website')
$thumbprintSites.Add($s.Name) | Out-Null
$slots = Get-AzResource `
-ResourceGroupName $resourceGroup.Name `
-ResourceType Microsoft.Web/sites/slots `
-ResourceName $site.Name `
-ApiVersion 2018-02-01
foreach ($slot in $slots) {
$thumbprintSites.Add($slot.Name) | Out-Null
}
}
}
}
Write-Host ("`n`nCertificate with thumbprint " + $Thumbprint `
+ " and subject name " + $certSubjectName)
Write-Host ("is in these below websites and slots : " )
$thumbprintSites | ForEach-Object { "Website Name : [$PSItem]" }
.net dev life 
Hi,
We are are looking to get a list of all AppServices with certificates details for all subscription with the following details.
SubscriptionId, ResourcesGroup, ResourceName, Certificate Name, Cert Thumbprint, Expiration
A script or some pointer will be really appreciated.
LikeLike