使用Azure SDK 1.7从Visual Studio发布不再起作用-证书/缩略图错误
[英]publishing from Visual Studio with Azure SDK 1.7 no longer works - certificate/thumbprint error
问题描述
I have a long-standing Azure Cloud Service project, which I use to deploy web and worker roles to Azure from Studio. 
我有一个长期的Azure云服务项目,用于从Studio将Web和辅助角色部署到Azure。 The cloud service definition and cloud configuration files include information about certificates that have been uploaded to the cloud service. 云服务定义和云配置文件包括有关已上载到云服务的证书的信息。 So, in the service definition: 因此,在服务定义中:
<Certificates>
<Certificate name="cert" storeLocation="LocalMachine" storeName="My" />
<Certificate name="encryption" storeLocation="LocalMachine" storeName="My" />
</Certificates>
and in the service configuration: 并在服务配置中:
<Certificates>
<Certificate name="cert" thumbprint="[hidden]" thumbprintAlgorithm="sha1" />
<Certificate name="encryption" thumbprint="[hidden]" thumbprintAlgorithm="sha1" />
</Certificates>
I have been publishing with these configurations and certificates to the same cloud service for a long, long time with no problems. 很长时间以来,我一直使用这些配置和证书发布到同一云服务,没有任何问题。
Now, I have just upgraded to the Azure 1.7 SDK (June 2012) for Visual Studio 2010 sp1. 现在,我已经升级到Visual Studio 2010 sp1的Azure 1.7 SDK(2012年6月)。 Once I upgrade my cloud service project [in Properties, click "Upgrade"], I am no longer able to deploy, due to an apparent certificate error: 升级我的云服务项目后[在“属性”中,单击“升级”],由于明显的证书错误,我不再能够部署:
1:25:28 PM - Connecting... 1:25:33 PM - Error: Certificate: 'cert' with Thumbprint: for Role: My.Web has not been uploaded to the cloud service: My Test NC.
Notice that there is no Thumbprint listed at all in the error - I did not remove it here for security purposes. 请注意,错误中根本没有列出任何指纹-为了安全起见,我在这里没有将其删除。
If I edit the project file and change absolutely nothing else besides changing 1.7 to 1.6, once again deployments from Studio work perfectly. 如果我编辑项目文件,并且除了将1.7更改为1.6以外,完全没有其他更改,那么Studio的部署再次可以完美地工作。
It seems like there is some trouble with Visual Studio sp1 and Azure 1.7, but I haven't found any evidence of anyone else having similar troubles. Visual Studio sp1和Azure 1.7似乎有一些问题,但是我还没有发现任何证据表明其他人也有类似的问题。
UPDATE: I just talked to Microsoft and we're now at least clear on the reproduction steps: 更新:我刚刚和Microsoft谈过,现在至少在复制步骤上很清楚:
- there have to be multiple service configurations (eg "Development" and "Test") 必须有多个服务配置(例如“开发”和“测试”)
- the different environments have to have different certificates (and therefore different thumbprints). 不同的环境必须具有不同的证书(因此具有不同的指纹)。
Since one presumably wouldn't want to store production certificates on development machines (esp. because one wouldn't want development machines to have the ability to decrypt encrypted production values - consider, for instance, if a development laptop got lost), different certificates in different environments seems in line with standard best practices. 由于一个人可能不想将生产证书存储在开发机器上(特别是因为一个人不希望开发机器具有解密加密的生产值的能力-例如,如果一个开发笔记本电脑丢失了,请考虑),因此请使用不同的证书在不同的环境中似乎符合标准的最佳做法。
So, at this point, Microsoft is going to consider whether or not this is something that needs to get fixed. 因此,此时,Microsoft将考虑是否需要解决此问题。 In the meanwhile, the workarounds for Azure 1.7 SDK are: (1) don't use "publish" from Studio; 同时,Azure 1.7 SDK的解决方法是:(1)不要使用Studio中的“发布”; (2) don't use multiple service configurations; (2)不要使用多种服务配置; or (3) use the same certificates in all environments (not personally recommended by me). 或(3)在所有环境中使用相同的证书(我个人不推荐)。
3 个解决方案
解决方案1
1 已采纳 2012-06-30 20:27:10
The "answer" appears to be that when you have multiple cscfg files in the same project, using different thumbprints for the same cert name (which one obviously is likely to want to do) you will encounter this issue. “答案”似乎是,当您在同一项目中拥有多个cscfg文件时,对同一证书名称使用不同的指纹(显然很可能会这样做),您将遇到此问题。
<Certificates>
<Certificate name="cert" thumbprint="[hidden]" thumbprintAlgorithm="sha1" />
<Certificate name="encryption" thumbprint="[hidden]" thumbprintAlgorithm="sha1" />
</Certificates>
Thus, if the value of [hidden] varies on say, cscfg files for dev, test, and live, you'll encounter the error you mention when you try to publish to any of them (say test.) 因此,如果[hidden]的值在开发,测试和实时使用的cscfg文件上有所不同,则在尝试发布到任何一个(例如test)时,都会遇到您提到的错误。
If you delete the cscfg files for dev and live using manage configurations and remove, then try publishing using the remaining test configuration file, the publish will work (at least for me.) 如果您使用管理配置删除开发人员的cscfg文件并使用管理配置进行实时删除,然后尝试使用其余的测试配置文件进行发布,则发布将起作用(至少对我而言)。
This seems like a defect. 这似乎是一个缺陷。
解决方案2
1 2013-06-19 23:30:10
We found yet another case when this issue can be seen. 当发现此问题时,我们发现了另一种情况。 In VS2012.2 the thumbprint of the certificates are in lower case but it seems the Azure management API demands it in upper case. 在VS2012.2中,证书的指纹为小写字母,但似乎Azure管理API要求使用大写字母。 This is a bug in the Management Portal/API side because a thumbprint can be in any case - there is no informational content in the case itself so the check should be case agnostic by the party that performs the check (the Azure Fabric Controller I believe). 这是Management Portal / API方面的错误,因为在任何情况下都可以使用指纹-案例本身没有信息内容,因此执行检查的一方应与情况无关地进行检查(我相信Azure Fabric Controller )。
I'm uploading an image showing this (Click here for the full resolution image ) 我正在上传显示此图片(点击此处查看完整分辨率图片 )
解决方案3
0 2012-07-19 14:21:56
Kent, in addition to the workarounds you have provided, you can also transform the config files during the build step. 肯特,除了提供的解决方法外,您还可以在构建步骤中转换配置文件。 Phil Hoff has a blog post discussing how to do this at http://blogs.msdn.com/b/philliphoff/archive/2012/07/02/transform-windows-azure-service-model-files-during-packaging.aspx . 菲尔·霍夫(Phil Hoff)在http://blogs.msdn.com/b/philliphoff/archive/2012/07/02/transform-windows-azure-service-model-files-during-packaging中讨论了如何执行此操作。 aspx 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.