
Azure - Add private certificate - error with Key vault key and permissions

Basically I'm trying to add a private certificate (.pfx file) to an Integration Account. I'm using the new portal.

What I've done/created:

  • Resource Group
  • Integration Account
  • Key Vault
  • Active Directory
  • Gave my user permissions to all keys and secrets using the Set-AzureRmKeyVaultAccessPolicy command

Whenever I go to my Integration Account > Certificates > Add > choose [Certificate Type]="Private", the comboboxes Resource Group and Key Vault get filled automatically but the Key Name throws the following error:

Communication with key vault [MY_KEY_VAULT] failed. Please authorize logic apps to perform operations on key vault by granting access for the logic apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba' for 'list', 'get', 'decrypt' and 'sign' operations.

Weird stuff is that the ObjectID 7cd684f4-8a78-49b0-91ec-6a35d38739ba does not belong to my AD but to my company AD.

The Guid given in the error message is a bit misleading. It refers to the Azure Logic Apps service account.

You can resolve the issue by giving the user 'Azure Logic Apps' the required permissions in the Key Vault.


Need to set access policy

When you create private certificate, follow these steps:

  1. Upload the key to the key vault.

  2. Set the access policy for the Logic Apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba'.

    Set access policy:

     # Logic Apps service principal (application id) taken from the error message
     $servicePrincipal = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'
     Set-AzureRmKeyVaultAccessPolicy -VaultName 'IntegrationAccountVault1' -ServicePrincipalName $servicePrincipal -PermissionsToKeys decrypt, sign, get, list

  3. In the integration account, use Add certificate and select Private certificate from the dropdown. Associate the key with the corresponding public certificate.
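
The three steps above carried through end to end, as an added example that is not part of the original answer: the PFX is imported as a Key Vault key, the Azure Logic Apps service principal is granted only the four key operations the portal error names (no secret or certificate permissions), and the resulting policy is read back and checked. It assumes the AzureRM module and an existing Login-AzureRmAccount session; the key name and PFX path are placeholders, and the vault name is the one used in the answer.

```powershell
# Added example (not from the original answer). Assumes AzureRM module, signed in already.
$vaultName      = 'IntegrationAccountVault1'                # vault name from the answer above
$keyName        = 'MyPrivateCertKey'                        # placeholder key name
$pfxPath        = 'C:\certs\my-private-cert.pfx'            # placeholder PFX path
$logicAppsAppId = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'    # Logic Apps service principal from the error message

# Step 1: import the PFX as a Key Vault key. The password is prompted for as a SecureString
# rather than written into the script.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Add-AzureRmKeyVaultKey -VaultName $vaultName -Name $keyName `
    -KeyFilePath $pfxPath -KeyFilePassword $pfxPassword -Destination Software | Out-Null

# Step 2: least-privilege access policy: exactly the key operations the error asks for,
# and nothing on secrets or certificates.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName `
    -ServicePrincipalName $logicAppsAppId `
    -PermissionsToKeys get, list, decrypt, sign

# Verify: the policy entry is stored under the service principal's object id in this tenant,
# so resolve the application id first, then compare the written permissions against the list.
$sp     = Get-AzureRmADServicePrincipal -ServicePrincipalName $logicAppsAppId
$policy = (Get-AzureRmKeyVault -VaultName $vaultName).AccessPolicies |
          Where-Object { $_.ObjectId -eq $sp.Id }

$required = @('get', 'list', 'decrypt', 'sign')
$missing  = $required | Where-Object { $policy.PermissionsToKeys -notcontains $_ }
$extra    = @($policy.PermissionsToSecrets) + @($policy.PermissionsToCertificates) | Where-Object { $_ }

if (-not $policy) {
    Write-Error "No access policy found for Logic Apps ($logicAppsAppId) on vault $vaultName"
} elseif ($missing) {
    Write-Error "Policy is missing key permissions: $($missing -join ', ')"
} elseif ($extra) {
    Write-Warning "Policy grants more than Logic Apps needs (secrets/certificates): $($extra -join ', ')"
} else {
    Write-Output "Logic Apps policy OK: keys = $($policy.PermissionsToKeys -join ', ')"
}
```

Step 3 (associating the key with the public certificate in the integration account) is done in the portal and has no cmdlet here. The read-back matters because the portal error is raised by the Logic Apps service principal, not by the signed-in user, so a policy granted to your own account (as in the question) does not satisfy it.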

The error message you have copied clearly says that the authorization step is missing. You need to authorize Logic Apps to perform operations on the Key Vault by granting access to the Logic Apps service principal ('7cd684f4-8a78-49b0-91ec-6a35d38739ba').

Execute the Set access policy command given above.

I have copied the error you have posted for reference.

"Communication with key vault [MY_KEY_VAULT] failed. Please authorize logic apps to perform operations on key vault by granting access for the logic apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba' for 'list', 'get', 'decrypt' and 'sign' operations"
