使用 Azure SDK 从 Azure 函数中删除/重新绑定 SSL 证书
[英]Remove / rebind SSL certificate from an Azure function using Azure SDK
问题描述
I am trying to automate the process of obtaining an SSL certificate on my azure portal.
我正在尝试在我的 azure 门户上自动执行获取 SSL 证书的过程。 For that I wrote an Azure function which downloads a new certificate and then uploads/binds it to my web app.为此,我编写了一个 Azure 函数,用于下载新证书,然后将其上传/绑定到我的 Web 应用程序。 The code looks like this:代码如下所示:
app.Update()
.DefineSslBinding()
.ForHostname("*.my.domain")
.WithPfxCertificateToUpload(Path.Combine(executionContext.FunctionDirectory, "cert.pfx"), "pwd")
.WithSniBasedSsl()
.Attach()
.Apply();
which is supposed to upload a new certificate and create a new binding.它应该上传一个新证书并创建一个新的绑定。 It works as expected on a web app without existing certificates/bindings but if I run the function again I have some problems:它在没有现有证书/绑定的网络应用程序上按预期工作,但如果我再次运行该功能,我会遇到一些问题:
- The new certificate doesn't appear in the azure portal新证书未出现在 azure 门户中
- The binding remains the same绑定保持不变
- If I manually remove the binding and run my code again it'll create the same binding with the very first certificate I had, ie becomes the same again如果我手动删除绑定并再次运行我的代码,它将使用我拥有的第一个证书创建相同的绑定,即再次变得相同
- Funny thing: I don't receive any failure有趣的事情:我没有收到任何失败
After some researching I figured out that if I list my certificates in the azure cli with az webapp config ssl list the list on the portal is updated, ie all the certificates were there.经过一些研究,我发现如果我在 azure cli 中使用az webapp config ssl list列出我的证书,则门户上的列表会更新,即所有证书都在那里。 But that doesn't help much.但这并没有多大帮助。
My general question would be: is there any other way of rebinding a certificate?我的一般问题是:有没有其他方法可以重新绑定证书?
Or, as an obvious workaround would be to remove an existing binding and the certificate beforeahead: how can I do the SSL certificate removal in an azure function using the .NET SDK?或者,一个明显的解决方法是提前删除现有绑定和证书:如何使用 .NET SDK 在 azure 函数中删除 SSL 证书?
1 个解决方案
解决方案1
3 已采纳 2018-09-03 07:31:56
Found the way.找到路了One should do this in 2 steps: first, upload a certificate with应该分两步执行此操作:首先,上传证书
var certificate = await azure.AppServices.AppServiceCertificates
.Define($"some-name")
.WithRegion(app.Region)
.WithExistingResourceGroup(app.ResourceGroupName)
.WithPfxByteArray(pfxBytes)
.WithPfxPassword("test")
.CreateAsync();
and then using WithExistingCertificate :然后使用WithExistingCertificate :
await app.Update()
.DefineSslBinding()
.ForHostname("*.my.domain")
.WithExistingCertificate(certificate.Thumbprint)
.WithSniBasedSsl()
.Attach()
.ApplyAsync();
There is a pending pull request in order to do that in a single call https://github.com/Azure/azure-libraries-for-net/pull/208有一个挂起的拉取请求,以便在一次调用中执行此操作https://github.com/Azure/azure-libraries-for-net/pull/208
UPD: The PR was merged so instead of 2 calls you can simply use a single one: UPD: PR 已合并,因此您可以简单地使用单个调用而不是 2 个调用:
var certBytes = certificateService.RetreiveCertificate();
webapp
.Update()
.DefineSslBinding()
.ForHostname("my.hostname")
.WithPfxByteArrayToUpload(certBytes, "password")
.WithSniBasedSsl()
.Attach()
.Apply();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.