如何使用 powershell 从 Azure keyvault in.cer 格式下载证书?
[英]how to download certificate from Azure keyvault in .cer format using powershell?
问题描述
I would like to download certificate from keyvault in the format.cer as part of my automation script.
我想从 keyvault 以 format.cer 格式下载证书,作为我的自动化脚本的一部分。 How would I do it using powershell?我将如何使用 powershell 来做到这一点?
1 个解决方案
解决方案1
0 已采纳 2020-06-23 02:09:12
If you want to download the certificate as .cer file in the automation runbook, you could use the script below to download it to the temp folder $env:temp .如果您想在自动化运行手册中将证书下载为.cer文件,您可以使用下面的脚本将其下载到临时文件夹$env:temp中。
Make sure you have already added the service principal related to the RunAs Account to the Access policies of your keyvault, it needs the Get in Secret Permissions and Get in Certificate Permissions .确保您已将与 RunAs 帐户相关的服务主体添加到密钥库的Access policies中,它需要Get in Secret Permissions和Get in Certificate Permissions 。
Sample:样本:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$cert = Get-AzKeyVaultCertificate -VaultName "joykeyvault" -Name "test1234"
$secret = Get-AzKeyVaultSecret -VaultName "joykeyvault" -Name $cert.Name
$secretByte = [Convert]::FromBase64String($secret.SecretValueText)
$x509Cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$x509Cert.Import($secretByte, "", "Exportable,PersistKeySet")
$cer = Export-Certificate -Cert $x509Cert -FilePath $env:temp\test.cer
Write-Output $cer
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.