使用ARM將PFX證書添加到Azure WebApp（不適用於ssl）

Question

下面的代碼使用Azure資源管理器支持的Rest Management APIS，將證書從密鑰庫添加到ARM。

var secret = keyvaultClient.GetSecretAsync(vaultUri, options.CertificateName).GetAwaiter().GetResult();

var certUploaded = client.Certificates.CreateOrUpdateCertificateWithHttpMessagesAsync(
    options.ResourceGroupName, options.CertificateName,
    new Certificate {
        PfxBlob = secret.Value,
        Location = app.Body.Location
    }).GetAwaiter().GetResult();

var appSettings = client.Sites.ListSiteAppSettingsWithHttpMessagesAsync(options.ResourceGroupName, options.WebAppName).GetAwaiter().GetResult();
var existing = (appSettings.Body.Properties["WEBSITE_LOAD_CERTIFICATES"] ?? "").Split(',').ToList();
if (!existing.Contains(certUploaded.Body.Thumbprint))
    existing.Add(certUploaded.Body.Thumbprint);

appSettings.Body.Properties["WEBSITE_LOAD_CERTIFICATES"] = string.Join(",",existing);
appSettings.Body.Properties[$"CN_{options.CertificateName}"] = certUploaded.Body.Thumbprint;

var result = client.Sites.UpdateSiteAppSettingsWithHttpMessagesAsync(options.ResourceGroupName, options.WebAppName, appSettings.Body).GetAwaiter().GetResult();

問題是，當將其加載到webapp中時

        X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        certStore.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection certCollection = certStore.Certificates.Find(
                                   X509FindType.FindByThumbprint,
                             // Replace below with your cert's thumbprint
                             "0CE28C6246317AEB00B88C88934700865C71CBE0",
                                   false);

        Trace.TraceError($"{certCollection.Count}");
        Console.WriteLine($"{certCollection.Count}");
        // Get the first cert with the thumbprint
        if (certCollection.Count > 0)
        {
            X509Certificate2 cert = certCollection[0];
            // Use certificate
            Console.WriteLine(cert.FriendlyName);
        }
        certStore.Close();

它沒有被加載。

如果我改用門戶網站上載，則一切正常。

我還注意到在ARM中不存在門戶中上載的證書，只有在帖子開頭添加了代碼的證書才存在。

那么，我們需要做些什么才能使證書可用於webapp而不涉及手動上傳到門戶的證書？

Answer 1

問題是證書應該添加到Webapp所在的服務器場的資源組中，而不是Webapp的資源組中。

更改代碼以將其部署到正確的資源組可以解決所有問題。

供參考，我的更新代碼在這里：

var vaultUri = $"https://{options.VaultName}.vault.azure.net";
var keyvaultClient = new KeyVaultClient((_, b, c) => Task.FromResult(options.VaultAccessToken));

using (var client = new WebSiteManagementClient(
    new TokenCredentials(cred.AccessToken)))
{
    client.SubscriptionId = cred.SubscriptionId;

    var app = client.Sites.GetSite(options.ResourceGroupName, options.WebAppName);
    var serverFarmRG = Regex.Match(app.ServerFarmId, "resourceGroups/(.*?)/").Groups[1];

    var secret = keyvaultClient.GetSecretAsync(vaultUri, options.CertificateName).GetAwaiter().GetResult();

    var certUploaded = client.Certificates.CreateOrUpdateCertificate(
        serverFarmRG.Value, options.CertificateName,
        new Certificate
        {
            PfxBlob = secret.Value,
            Location = app.Location
        });

    var appSettings = client.Sites.ListSiteAppSettings(options.ResourceGroupName, options.WebAppName);
    appSettings.Properties["WEBSITE_LOAD_CERTIFICATES"] = string.Join(",", client.Certificates.GetCertificates(serverFarmRG.Value).Value.Select(k => k.Thumbprint));
    appSettings.Properties[$"CN_{options.CertificateName}"] = certUploaded.Thumbprint;

    var result = client.Sites.UpdateSiteAppSettings(options.ResourceGroupName, options.WebAppName, appSettings);

使用ARM將PFX證書添加到Azure WebApp（不適用於ssl）

問題描述

1 個解決方案

解決方案1
4 已采納 2016-01-20 17:13:31

使用ARM將PFX證書添加到Azure WebApp（不適用於ssl）

問題描述

1 個解決方案

解決方案1 4 已采納 2016-01-20 17:13:31

解決方案1
4 已采納 2016-01-20 17:13:31