[英]Bind SSL Certificate from KeyVault to webapp using Azure CLI
We are currently using the following ARM template to bind the an SSL certificate to a WebApp, but we want to migrate to Azure CLI, but cannot find a way to do this without downloading the certificate. 当前,我们正在使用以下ARM模板将SSL证书绑定到WebApp,但是我们希望迁移到Azure CLI,但是如果不下载证书,就找不到找到此方法。
{
"type": "Microsoft.Web/certificates",
"name": "[variables('certificateName')]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": {
"keyVaultId": "[resourceId(parameters('existingKeyVaultResourceGroup'), 'Microsoft.KeyVault/vaults',parameters('existingKeyVaultId'))]",
"keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverFarms',variables('hostingPlanName'))]"
}
},
{
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[concat(variables('webAppName'), '/', variables('hostname'))]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": {
"sslState": "SniEnabled",
"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName'))).Thumbprint]"
},
"dependsOn": [
"[concat('Microsoft.Web/certificates/',variables('certificateName'))]"
]
}
This is sample script on the official site , if you don't want to download it, you should have it on your local. 这是官方网站上的示例脚本,如果您不想下载它,则应将其放在本地。
#!/bin/bash
fqdn=<replace-with-www.{yourdomain}>
pfxPath=<replace-with-path-to-your-.PFX-file>
pfxPassword=<replace-with-your=.PFX-password>
resourceGroup=myResourceGroup
webappname=mywebapp$RANDOM
# Create a resource group.
az group create --location westeurope --name $resourceGroup
# Create an App Service plan in Basic tier (minimum required by custom domains).
az appservice plan create --name $webappname --resource-group $resourceGroup --sku B1
# Create a web app.
az webapp create --name $webappname --resource-group $resourceGroup \
--plan $webappname
echo "Configure a CNAME record that maps $fqdn to $webappname.azurewebsites.net"
read -p "Press [Enter] key when ready ..."
# Before continuing, go to your DNS configuration UI for your custom domain and
follow the
# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for
the
# hostname "www" and point it your web app's default domain name.
# Map your prepared custom domain name to the web app.
az webapp config hostname add --webapp-name $webappname --resource-group
$resourceGroup \
--hostname $fqdn
# Upload the SSL certificate and get the thumbprint.
thumbprint=$(az webapp config ssl upload --certificate-file $pfxPath \
--certificate-password $pfxPassword --name $webappname --resource-group
$resourceGroup \
--query thumbprint --output tsv)
# Binds the uploaded SSL certificate to the web app.
az webapp config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI \
--name $webappname --resource-group $resourceGroup
echo "You can now browse to https://$fqdn"
Hope this could help you, if you still have other questions, please let me know. 希望这对您有帮助,如果您还有其他问题,请告诉我。
TLS/SSL --> Private key certificate --> import key vault certificate TLS / SSL->私钥证书->导入密钥库证书
can any one please share arm/script to configure. 任何人都可以共享arm / script进行配置。
Manaully we are apply to do and we need script to perform 手动地,我们申请去做,我们需要脚本来执行
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.