[英]How to get thumbprint of the certificate associated with a service principal using Powershell?
I have a certificate associated with a service principal in Azure AD.我有一个与 Azure AD 中的服务主体关联的证书。 How can I get the certificate name or thumbprint associated with it using powershell?
如何使用 powershell 获取与其关联的证书名称或指纹?
I have tried Get-AzureRmADServicePrincipalCredential
, Get-AzureRmADSpCredential
and Get-AzureADServicePrincipalKeyCredential
commands but they return Key Identifier
not thumbprint.我尝试过
Get-AzureRmADServicePrincipalCredential
、 Get-AzureRmADSpCredential
和Get-AzureADServicePrincipalKeyCredential
命令,但它们返回的是Key Identifier
而不是指纹。
Basically I want to recognize which certificate is associated with the principal before revoking it.基本上我想在撤销它之前识别哪个证书与委托人相关联。
As @Stanley Gong mentioned, you can use MS Graph to get it.正如@Stanley Gong 提到的,您可以使用 MS Graph 来获取它。
Here is another way, try the command as below, the $Thumbprint
is that you want.这是另一种方法,请尝试以下命令,
$Thumbprint
是您想要的。
Note the <object-id>
is the object id of your AD App(App registration), not the service principal(Enterprise application), they are different.注意
<object-id>
是您的 AD 应用程序(应用程序注册)的 object id,而不是服务主体(企业应用程序),它们是不同的。
$CustomKeyIdentifier = (Get-AzureADApplicationKeyCredential -ObjectId "<object-id>").CustomKeyIdentifier
$Thumbprint = [System.Convert]::ToBase64String($CustomKeyIdentifier)
Try the PS command below to get cert thumbprint via Microsoft Graph API:尝试下面的 PS 命令通过 Microsoft Graph API 获取证书指纹:
$clientId = "<your Azure AD App ID>"
$clientSec="<your Azure AD App Secret>"
$appObjId = "<object ID of the app that you want to query>"
$tenant = "<your tenant ID>"
$body=@{
"grant_type"="client_credentials";
"resource"="https://graph.microsoft.com/";
"client_id"= $clientId;
"client_secret" = $clientSec
}
$accessToken=(Invoke-RestMethod -Uri "https://login.windows.net/$tenant/oauth2/token" -Method POST -Body $body ).access_token
$keyCreds = Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/applications/$appObjId/keyCredentials" -Method Get -Headers @{"Authorization" = "Bearer $accessToken"}
$keyCreds.value.customKeyIdentifier
Result: my certs on portal:结果:我在门户网站上的证书:
Pls note that make sure your app which you used for getting token with permission below so it can call Microsoft graph API to query your apps:请注意,确保您用于获取令牌的应用程序具有以下权限,以便它可以调用 Microsoft graph API 来查询您的应用程序:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.