azure - 从 Key Vault 将证书添加到 Azure VM
问题描述
我正在使用此链接上的步骤将应用服务证书配置到 Azure 虚拟机 - https://blogs.msdn.microsoft.com/appserviceteam/2017/10/26/configure-app-service-certificate-to-azure-virtual -机器/
我已经完成了第 1 步到第 6 步。我在尝试将证书从密钥保管库添加到 VM 时卡住了。我使用了链接中的步骤:https ://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-secure-web-server
我在 azure 门户的云 shell 上使用了以下脚本。
$certUrl = (Get-AzureKeyVaultSecret -VaultName "xxxKeyVault" -Name "xxxcert").Id;
$vm=Get-AzureRmVM -ResourceGroupName "xxx_Group" -Name "XXX"
$vaultId=(Get-AzureRmKeyVault -VaultName "xxxKeyVault").ResourceId
$certStore = "MyCert";
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore $certStore -CertificateUrl $certURL
Update-AzureRmVM -ResourceGroupName "xxx_Group" -VM $vm>
但是到最后一个脚本,我得到了错误
Update-AzureRmVM :列表 vaultCertificates 包含重复的 ( https://xxxkeyvault.vault.azure.net/secrets/xxxxxx/xxxxxx , mycert) 实例,这是不允许的。ErrorCode: InvalidParameter ErrorMessage: List vaultCertificates 包含重复的 ( https://xxxkeyvault.vault.azure.net/secrets/xxxxxx/xxxxxx , mycert) 实例,这是不允许的。ErrorTarget: vaultCertificates StatusCode: 400 ReasonPhrase: Bad Request OperationID: 51078b39-72a0-4a6f-be02-e0fff12dff8b At line:1 char:1 + Update-AzureRmVM -ResourceGroupName "xxxx_Group" -VM $vm + ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [Update-AzVM], ComputeCloudException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.UpdateAzureVMCommand
我错过了什么吗?我的虚拟机一个窗口。
更新我已经验证我在虚拟机上拥有多个相同的证书。请问,我到底要删除哪一个?
"secrets": [
{
"sourceVault": {
"id": "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.KeyVault/vaults/xxxKeyVault"
},
"vaultCertificates": [
{
"certificateUrl": "https://xxxkeyvault.vault.azure.net/secrets/xxxx/xxxx",
"certificateStore": "My"
},
{
"certificateUrl": "https://xxxxkeyvault.vault.azure.net/secrets/xxxxx/xxxxx",
"certificateStore": "My"
},
{
"certificateUrl": "https://xxxxkeyvault.vault.azure.net/secrets/xxxxxx/xxxxxxx",
"certificateStore": "My"
},
{
"certificateUrl": "https://xxxxkeyvault.vault.azure.net/secrets/xxxxxxx/xxxxxxxx",
"certificateStore": "MyCert"
}
]
},
{
"sourceVault": {},
"vaultCertificates": {}
}
],
解决方案
what you need to do is this:
- open resources.azure.com
- navigate to your vm
- click edit, remove the certificate from osProfile, click patch
- rerun your script
the thing with Azure - it doesnt know (or care) if your vm actually has that certificate you are trying to install, what it complains about is the fact that VM definition already has that certificate, so it cannot add it.
推荐阅读
- php - 消息:无法连接到 Pusher 异常:“Illuminate\Broadcasting\BroadcastException”
- python-3.x - 如何使用漂亮的汤和python更新xml标签内的名称
- c# - IValueConverter 在将项目添加到列表时不会“转换”
- python - 在 Visual Studio Code 中找不到 Pandas,即使它肯定在 env 中
- python - 包括 lambdas 的配置文件
- c# - Azure Maps - 渲染 - 获取地图图像 - 如何将多种颜色应用于不同的引脚
- javascript - 如何将 Vue JS 'this.somestate' 作为文字'this.somestate' 传递
- postgresql - 无法使用 docker 连接到 ipv6 中的 postgres
- vb.net - Telegram webhook 不发送任何帖子消息
- javascript - 在 konva.js 中缩放阶段时不影响元素位置