If you’re about to upload Hyper-V or VMware vSphere virtual machine(s) to Microsoft Azure you need to properly configure the connection in Microsoft Virtual Machine Converter.
Subscription ID (which everyone should hopefully know), as well as Certificate Thumbprint are required to make this happen. Subscription ID can be retrieved either via the management portal or Get-AzureSubscription commandlet but Certificate Thumbprint is not so easy.
Here is the MVMC screen I’m on about:
If you have connected to your Azure subscription in the past using Powershell, chances are you already have the certificate that’s required. In my case, I like to keep things separated so thought it would be best to generate a new cert and use that cert specifically for MVMC related tasks.
To check if you already have a management certificate, navigate to the Classic Portal (manage.windowsazure.com) and head over to SETTINGS section down the bottom and MANAGEMENT CERTIFICATES tab:
If your screen looks the same as mine you may proceed with the rest of the blog post. If you, however, already have a management cert and don’t mind using it for MVMC you can simply copy the Thumbprint and you are done.
So assuming there is no cert to use we would need to create and upload one. In order to do that there are few Powershell commands that need to be executed. These are:
|
1 2 3 4 5 6 7 |
Import-Module PKI ## This will import public key infrastructure modules into Powershell New-SelfSignedCertificate -DnsName "MVMC" -CertStoreLocation "Cert:\CurrentUser\My" ## Creates private cert in the current user’s Personal certificate store Export-Certificate -Cert (Get-ChildItem Cert:\CurrentUser\My\ -DnsName MVMC) -FilePath $env:TEMP\MVMC.cer ## Exports public cert created above using New-SelfSignedCertificate Import-Certificate -FilePath $env:TEMP\MVMC.cer -CertStoreLocation Cert:\CurrentUser\Root ## Imports the cert into the current user’s Trusted Root Certification Authorities store |
And the typical output you should expect:
Please note that the cert you have just created needs to be kept secure so definitely copy it out of the %TEMP% folder. This cert will essentially allow anyone to connect to your Azure subscription and wreak havoc if they wish.
Once this is done, please upload the MVMC.crt file to Azure portal and you should see it on the list as follows:
Now copy the Subscription ID and matching Certificate Thumbprint and use within Microsoft Virtual Machine Converter to proceed to the next step.
That’s it.
I’m having trouble with this. I’ve managed to create a self signed cert using Azure key vault, uploaded it and applied it to the subscription as a management certificate and obtained the thumbprint.
Upon putting the information into MVMC I get the error “The certificate with thumbprint [____] was not found in the personal certificate store. Installing the certificate to my local machine made no difference.