[英]how to download certificate from Azure keyvault in .cer format using powershell?
I would like to download certificate from keyvault in the format.cer as part of my automation script.我想从 keyvault 以 format.cer 格式下载证书,作为我的自动化脚本的一部分。 How would I do it using powershell?我将如何使用 powershell 来做到这一点?
If you want to download the certificate as .cer
file in the automation runbook, you could use the script below to download it to the temp folder $env:temp
.如果您想在自动化运行手册中将证书下载为.cer
文件,您可以使用下面的脚本将其下载到临时文件夹$env:temp
中。
Make sure you have already added the service principal related to the RunAs Account to the Access policies
of your keyvault, it needs the Get
in Secret Permissions and Get
in Certificate Permissions .确保您已将与 RunAs 帐户相关的服务主体添加到密钥库的Access policies
中,它需要Get
in Secret Permissions和Get
in Certificate Permissions 。
Sample:样本:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$cert = Get-AzKeyVaultCertificate -VaultName "joykeyvault" -Name "test1234"
$secret = Get-AzKeyVaultSecret -VaultName "joykeyvault" -Name $cert.Name
$secretByte = [Convert]::FromBase64String($secret.SecretValueText)
$x509Cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$x509Cert.Import($secretByte, "", "Exportable,PersistKeySet")
$cer = Export-Certificate -Cert $x509Cert -FilePath $env:temp\test.cer
Write-Output $cer
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.