Here is a PowerShell scripts to get list of websites that have access to a given Certificate.
Make sure to update Thumbprint and Resource Group name (any resource group name in the Azure Subscription) in line number 3 and 4
#Connect-AzAccount $ResourceGroupName = "SixShotRG" $Thumbprint = "B5EC9ED298EC6B911146CD572D518625C3A07BF2" Write-Host ("Looking for thumbprint " + $Thumbprint + ".....") $certSubjectName = '' [System.Collections.ArrayList]$certWebspaces = @() [System.Collections.ArrayList]$thumbprintSites = @() # get the current subscription id $resourceGroup = Get-AzResource ` -ResourceGroupName $ResourceGroupName $subscriptionId = $resourceGroup[0].ResourceId.Split("/")[2] # get list of resource groups in this subscription $resourceGroupId = '/subscriptions/' + $subscriptionId ` + '/resourceGroups' $resourceGroups = Get-AzResource -ResourceId $resourceGroupId Write-Host ("Found " + $resourceGroups.Count + ` " ResourceGroups in Subscription " + $subscriptionId) foreach ($resourceGroup in $resourceGroups) { $certificates = Get-AzResource ` -ResourceGroupName $resourceGroup.Name ` -ResourceType Microsoft.Web/certificates Write-Host ("`tFound " + $certificates.Count ` + " Certificates in ResourceGroup " ` + $resourceGroup.Name) foreach ($certificate in $certificates) { $cert = Get-AzResource ` -ResourceGroupName $resourceGroup.Name ` -ResourceType Microsoft.Web/certificates ` -ResourceName $certificate.Name if ($Thumbprint -eq $cert.properties.thumbprint) { Write-Host ("`t`tFound our cert in " ` + $cert.properties.webSpace ` + ' webspace') # Found our cert $certWebspaces.Add($cert.properties.webSpace) | Out-Null $certSubjectName = $cert.properties.subjectName } } } Write-Host ("Looking for websites that has access to this cert...") foreach ($resourceGroup in $resourceGroups) { $sites = Get-AzResource -ResourceGroupName $resourceGroup.Name ` -ResourceType Microsoft.Web/sites Write-Host ("`tFound " + $sites.Count ` + " websites in ResourceGroup " + $resourceGroup.Name) foreach ($site in $sites) { $s = Get-AzResource -ResourceGroupName $resourceGroup.Name ` -ResourceType Microsoft.Web/sites ` -ResourceName $site.Name if ( $certWebspaces.Contains($s.properties.webSpace)) { Write-Host ("`t`tFound our cert in " + $s.Name ` + ' website') $thumbprintSites.Add($s.Name) | Out-Null $slots = Get-AzResource ` -ResourceGroupName $resourceGroup.Name ` -ResourceType Microsoft.Web/sites/slots ` -ResourceName $site.Name ` -ApiVersion 2018-02-01 foreach ($slot in $slots) { $thumbprintSites.Add($slot.Name) | Out-Null } } } } Write-Host ("`n`nCertificate with thumbprint " + $Thumbprint ` + " and subject name " + $certSubjectName) Write-Host ("is in these below websites and slots : " ) $thumbprintSites | ForEach-Object { "Website Name : [$PSItem]" }
Hi,
We are are looking to get a list of all AppServices with certificates details for all subscription with the following details.
SubscriptionId, ResourcesGroup, ResourceName, Certificate Name, Cert Thumbprint, Expiration
A script or some pointer will be really appreciated.
LikeLike