FIX: The certificate for the Classic Run As account has expired

In short

The tutorial is about “The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

But when you try to re-new the certificate, it’s grayed out.

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

This is a certificate used for classic Azure. Under the tutorial itself I will explain more about this.


Let’s get rid of this message.

I have put most of the steps in one screenshot, so pay attention!
I assume that you are already logged in to the Azure portal.

Go to Subsciptions.
Select the Subscription that contains the Azure Automation account.
Go to Access control (IAM).
Open tab Classic Administratos.
Click on Add and add and administrator account.

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

If you click on the error message again to renew the certificate, you can select the Classic account and click on Renew certificate.

The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).
The certificate for the Classic Run As account has expired. Click here to renew the certificate(s).

You can also monitor this with Azure Automation, how coincidental.

This script was shared on Azure Advisors.
It needs some adjustments before it is automated, but you understand the idea behind it.

From from Azure Advisors:

$RunAsCert = Get-AutomationCertificate -Name 'AzureRunAsCertificate'

if ($RunAsCert.NotAfter -gt (Get-Date).AddDays(8))
{
throw ("Certificate will expire at " + $RunAsCert.NotAfter)
}

Should I still care about Classic Azure?

It depends.
Do you still have resources in Classic Azure and do you use Azure Automation to manage the resources? Then I would renew the certificate.

We ourselves no longer have customers who have classic resources, so it wouldn’t really matter to me.

Only I find the error message annoying to see every time, so I renew the certificate.
On the other hand, I don’t monitor the lifetime certificate.


A little extra

This post contains PowerShell. Would you like to learn the basics better? I have created a new website to learn basic PowerShell in an ’emulator’ environment.
Click here to go learn Basic PowerShell.

Published by

Bas Wijdenes

My name is Bas Wijdenes and I work as a PowerShell DevOps Engineer. In my spare time I write about interesting stuff that I encounter during my work.

One thought on “FIX: The certificate for the Classic Run As account has expired”

  1. I always love to use automation software which can help to make my work easy therefore my productivity will improve.

Leave a Reply

Your email address will not be published. Required fields are marked *