2017-02-13 74 views
0

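The following script generates a self-signed certificate, creates a password-protected pfx, and adds the certificate to the key vault. When I run the ARM template after the script, it fails with the error below. However, when I manually upload the pfx in the UI (Azure portal) and enter the correct password, the ARM template deploys successfully. Any ideas how to get this working?

Azure certificate in Key Vault does not work with App Service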

PowerShell code (no error is thrown when uploading the generated PFX in the portal):

# Generate the certificate in the local store 
$cert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -Subject "CN=$certificateName" -KeyExportPolicy Exportable 

# Get the raw value of the certificate 
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData()) 

Export-PfxCertificate -Cert $cert -Password $certPasswordSecure -FilePath "d:/temp/SelfSigned.pfx" 

$secret = ConvertTo-SecureString -String $keyValue -AsPlainText -Force 
$secretContentType = 'application/x-pkcs12' 

Set-AzureKeyVaultSecret -VaultName $keyVaultName -Name $keyVaultSecretNameCertificate -SecretValue $keyValue -ContentType $secretContentType 

Error:

New-AzureRmResourceGroupDeployment : 21:22:36 - Resource Microsoft.Web/certificates 'testCertificate' failed with message '{ 
    "Code": "BadRequest", 
    "Message": "The parameter KeyVault Certificate has an invalid value.", 
    "Target": null, 
    "Details": [ 
    { 
     "Message": "The parameter KeyVault Certificate has an invalid value." 
    }, 
    { 
     "Code": "BadRequest" 
    }, 
    { 
     "ErrorEntity": { 
     "Code": "BadRequest", 
     "Message": "The parameter KeyVault Certificate has an invalid value.", 
     "ExtendedCode": "51008", 
     "MessageTemplate": "The parameter {0} has an invalid value.", 
     "Parameters": [ 
      "KeyVault Certificate" 
     ], 
     "InnerErrors": null 
     } 
    } 
    ], 
    "Innererror": null 
}' 
At line:3 char:1 
+ New-AzureRmResourceGroupDeployment -Name TestKeyVaultDeploy -Resource ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception 
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet 

New-AzureRmResourceGroupDeployment : 21:23:11 - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations 
for details. Please see https://aka.ms/arm-debug for usage details. 
At line:3 char:1 
+ New-AzureRmResourceGroupDeployment -Name TestKeyVaultDeploy -Resource ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception 
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet 

New-AzureRmResourceGroupDeployment : 21:23:11 - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations 
for details. Please see https://aka.ms/arm-debug for usage details. 
At line:3 char:1 
+ New-AzureRmResourceGroupDeployment -Name TestKeyVaultDeploy -Resource ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception 
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet 

ARM certificate resource:

{ 
      "type": "Microsoft.Web/certificates", 
      "name": "testCertificate", 
      "apiVersion": "2016-03-01", 
      "location": "[resourceGroup().location]", 
      "properties": { 
       "keyVaultId": "[parameters('masterKeyVaultId')]", 
       "keyVaultSecretName": "[parameters('servicePrincipalCertSecretName')]", 
       "serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]" 
      } 
     }, 

Answer

0

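Maybe you are missing the certificate policy with your upload? But if you are generating a new certificate, then why even bother generating it locally? Just generate it in the key vault.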

# Sign in to Azure
$credential = Get-Credential 

Login-AzureRmAccount -Credential $credential 
$vaultName = 'my-vault-full-of-keys' 
$certificateName = 'my-new-cert' 
# Self-signed issuance policy: Key Vault generates the key pair and the certificate itself
$policy = New-AzureKeyVaultCertificatePolicy -SubjectName "CN=mememe.me" -IssuerName Self -ValidityInMonths 120 
Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certificateName -CertificatePolicy $policy 
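
An added example (not from the question or the answer) that checks, before upload, whether a value declared as application/x-pkcs12 really is a PKCS#12 blob with a private key; the question's script stores the output of GetRawCertData(), which is only the DER-encoded public certificate. The function name Test-Pkcs12Secret and the sample $certificateName value are assumptions, and the example assumes the secret should hold a password-less PFX, which is how Key Vault stores certificates it issues itself.

```powershell
# Added example; variable names follow the question's script, values are constructed.
$certificateName = 'example-selfsigned'   # constructed sample value

function Test-Pkcs12Secret {
    # $true only when the base64 value decodes to a PKCS#12 blob that contains a private key.
    param([Parameter(Mandatory)][string]$Base64Value)
    try {
        $bytes = [System.Convert]::FromBase64String($Base64Value)
        $type  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($bytes)
        if ($type -ne [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx) { return $false }
        # Password-less load; the comma keeps the byte array as one constructor argument.
        $loaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        $hasKey = $loaded.HasPrivateKey
        $loaded.Dispose()   # release the temporarily imported key
        return $hasKey
    } catch {
        return $false       # not base64, not parseable, or password-protected
    }
}

$cert = New-SelfSignedCertificate -CertStoreLocation 'cert:\CurrentUser\My' -Subject "CN=$certificateName" -KeyExportPolicy Exportable

# Payload as built in the question: DER bytes of the public certificate only.
$publicOnly = [System.Convert]::ToBase64String($cert.GetRawCertData())

# Payload that matches the declared content type: PKCS#12 bytes including the private key.
$pfxBytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx)
$pfxValue = [System.Convert]::ToBase64String($pfxBytes)

"GetRawCertData payload is PKCS#12 with key: $(Test-Pkcs12Secret $publicOnly)"
"Export(Pfx) payload is PKCS#12 with key:    $(Test-Pkcs12Secret $pfxValue)"

# Upload only when the vault variables from the question's script are set.
# The secret now contains the private key, so read access to it equals access to the key.
if ($keyVaultName -and $keyVaultSecretNameCertificate) {
    $secret = ConvertTo-SecureString -String $pfxValue -AsPlainText -Force
    Set-AzureKeyVaultSecret -VaultName $keyVaultName -Name $keyVaultSecretNameCertificate -SecretValue $secret -ContentType 'application/x-pkcs12'
}
```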