Azure api management ssl certificate must have a private key

I have been working on the deployment of an Azure API Management with a self-signed certificate and private key.

Goes without saying that I tested my Terraform code a couple of days ago and everything worked just fine and I was able to deploy my infra using Terraform, so I deleted the resource group from the portal. Today I wanted to spin up the infra once again but I got the following error:

Error: creating/updating API Management Service "demo-apim-testing" (Resource Group "rg-testing-apim"): apimanagement.ServiceClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameters" Message="Invalid parameter: Certificate 'XXXXXXXX' must have a Private Key."

And the error points to this resource:


resource "azurerm_api_management" "demo-apim" {
  name     = "demo-apim-test"
  sku_name = "Developer_1"

  hostname_configuration {
    proxy {
      host_name                    = "apim.test.com"
      certificate                  = filebase64(var.ssl_certificate_path)
      certificate_password         = var.ssl_certificate_password
      default_ssl_binding          = true
      negotiate_client_certificate = false
    }
  }
}

I did generate the certificate .cer and the .pfx and set them as variables:

variable "ssl_certificate_path" {
  default = "./certificate.cer"
}

variable "pfx_certificate" {
  default = "./certificate.pfx"
}

variable "ssl_certificate_password" {
  default = "XXXXX"
}

While in my application gateway I set the same configuration, as follows:

  ssl_certificate {
    data     = filebase64(var.pfx_certificate)
    name     = "demo-app-gateway-certificate"
    password = var.ssl_certificate_password
  }

  trusted_root_certificate {
    data = filebase64(var.ssl_certificate_path)
    name = "demo-trusted-root-ca-certificate"
  }

This same configuration returned successful on my latest deployment and was able to test the connection and everything. But today it just does not recognise my certificate anymore.

Can anyone please enlighten me about what I am doing wrong here?

Please, if you need more details or you have any questions, don't hesitate to ask. Thank you so much.

As the certificate block supports the base 64 encoded PFX or base 64 encoded X.509 certificate, you can use the below code:

certificate = filebase64(var.pfx_certificate)

Instead of

certificate = filebase64(var.ssl_certificate_path)

So the final code should look like below:

resource "azurerm_api_management" "demo-apim" {
  name     = "demo-apim-test"
  sku_name = "Developer_1"

  hostname_configuration {
    proxy {
      host_name                    = "apim.test.com"
      certificate                  = filebase64(var.pfx_certificate)
      certificate_password         = var.ssl_certificate_password
      default_ssl_binding          = true
      negotiate_client_certificate = false
    }
  }
}
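A pre-flight check for the mix-up discussed above, as an added example that is not part of the original question or answer: it tells a PKCS#12 (.pfx) container apart from a bare X.509 certificate (.cer) by its ASN.1 header, so a certificate-only file is caught before `terraform apply`. The function names `classify` and `is_pfx` are hypothetical, and the check is a heuristic on the container type only; it does not decrypt the PFX to confirm that a key is inside.

```python
import sys

def _value_offset(buf: bytes, pos: int) -> int:
    """Offset of the value of the DER/BER TLV that starts at pos."""
    first = buf[pos + 1]
    if first < 0x80:                 # short-form length
        return pos + 2
    return pos + 2 + (first & 0x7F)  # long form; 0 extra bytes means BER indefinite

def classify(data: bytes) -> str:
    """Heuristic type: 'pkcs12', 'der-certificate', 'pem:<LABEL>' or 'unknown'."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        label = text.split(b"-----")[1][len(b"BEGIN "):]
        return "pem:" + label.decode("ascii", "replace")
    try:
        if data[0] != 0x30:          # both formats start with an outer SEQUENCE
            return "unknown"
        pos = _value_offset(data, 0)
        if data[pos:pos + 3] == b"\x02\x01\x03":  # PFX.version INTEGER 3 (RFC 7292)
            return "pkcs12"
        if data[pos] == 0x30:        # tbsCertificate SEQUENCE: certificate only, no key
            return "der-certificate"
    except IndexError:               # truncated or empty file
        pass
    return "unknown"

def is_pfx(data: bytes) -> bool:
    """True only for a PKCS#12 container, the one format here that can carry a key."""
    return classify(data) == "pkcs12"

if __name__ == "__main__":
    # Usage: python check_cert.py ./certificate.pfx   (script name is an assumption)
    bad = False
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            kind = classify(fh.read())
        print(f"{path}: {kind}")
        bad |= kind != "pkcs12"
    sys.exit(1 if bad else 0)
```

Run it against the file that the `certificate` argument points to; a result other than `pkcs12` means the file cannot satisfy the "must have a Private Key" requirement.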
