FIX: The certificate for the Classic Run As account has expired

In short

The tutorial is about “The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

But when you try to re-new the certificate, it’s grayed out.

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

This is a certificate used for classic Azure. Under the tutorial itself I will explain more about this.


Let’s get rid of this message.

I have put most of the steps in one screenshot, so pay attention!
I assume that you are already logged in to the Azure portal.

Go to Subsciptions.
Select the Subscription that contains the Azure Automation account.
Go to Access control (IAM).
Open tab Classic Administratos.
Click on Add and add and administrator account.

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

If you click on the error message again to renew the certificate, you can select the Classic account and click on Renew certificate.

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

You can also monitor this with Azure Automation, how coincidental.

This script was shared on Azure Advisors.
It needs some adjustments before it is automated, but you understand the idea behind it.

From from Azure Advisors:

$RunAsCert = Get-AutomationCertificate -Name 'AzureRunAsCertificate'

if ($RunAsCert.NotAfter -gt (Get-Date).AddDays(8))

{

throw ("Certificate will expire at " + $RunAsCert.NotAfter)

}

Should I still care about Classic Azure?

It depends.
Do you still have resources in Classic Azure and do you use Azure Automation to manage the resources? Then I would renew the certificate.

We ourselves no longer have customers who have classic resources, so it wouldn’t really matter to me.

Only I find the error message annoying to see every time, so I renew the certificate.
On the other hand, I don’t monitor the lifetime certificate.


A little extra

This post contains PowerShell. Would you like to learn the basics better? I have created a new website to learn basic PowerShell in an ’emulator’ environment.
Click here to go learn Basic PowerShell.

Published by

Bas Wijdenes

My name is Bas Wijdenes and I work full-time as a Services Engineer. In my spare time I write about the error messages that I encounter during my work. Furthermore, I am currently occupied with Office 365, Azure infrastructure, and PowerShell for automating daily tasks.

One thought on “FIX: The certificate for the Classic Run As account has expired”

Leave a Reply

Your email address will not be published. Required fields are marked *