Why do I get "Key credential start date is invalid" when trying to create an Active Directory service principal?

Time: 2017-06-28 02:37:46

Tags: powershell azure active-directory

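I've been trying to put together a series of operations around creating and refreshing AD service principals and applications. The flow I'm having trouble with is: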

  1. Get a certificate from Azure Key Vault
  2. Create a service principal (and application) that authenticates using the cert.

    PS > Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
    
    Name        : CertName
    Certificate : [Subject]
                    CN=certName.foo.com
    
                  [Issuer]
                    CN=certName.foo.com
    
                  [Serial Number]
                    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
                  [Not Before]
                    6/2/2017 5:41:26 PM
    
                  [Not After]
                    6/2/2018 5:51:26 PM
    
                  [Thumbprint]
                    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    
    Id          : https://certs.vault.azure.net:443/certificates/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    KeyId       : https://certs.vault.azure.net:443/keys/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    SecretId    : https://certs.vault.azure.net:443/secrets/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Thumbprint  : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Tags        : {[Thumbprint, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]}
    Enabled     : True
    Created     : 6/3/2017 2:11:31 AM
    Updated     : 6/3/2017 2:11:31 AM
    
    PS > New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $cert.Certificate.GetEffectiveDateString() -EndDate $cert.Certificate.GetExpirationDateString()
    
    New-AzureRmADServicePrincipal : Key credential start date is invalid.
    At line:1 char:1
    + New-AzureRmADServicePrincipal -DisplayName "Cert access" - ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [New-AzureRmADServicePrincipal], Exception
        + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Azure.Commands.ActiveDirectory.NewAzureADServicePrincipalCommand
    

Why is the key credential start date invalid?

1 answer:

Answer 0: (score: 2)

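According to your error log, it seems the time format is wrong. I suggest you use [System.DateTime]::Now to set the time. I tested this in my lab and did not hit your error; the following script works for me. I suggest you give it a try.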

    # Import the certificate into Key Vault
    $Password = ConvertTo-SecureString -String "*******" -AsPlainText -Force
    Import-AzureKeyVaultCertificate -VaultName "shuikey" -Name "ImportCert01" -FilePath "C:\shui.pfx" -Password $Password
    # Set the start time and expiry time
    $now = [System.DateTime]::Now
    $yearfromnow = $now.AddYears(1)
    # Get the certificate from Key Vault
    $cert = Get-AzureKeyVaultCertificate -VaultName certs -Name CertName

    New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $now -EndDate $yearfromnow

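An added example, not part of the original question or answer: a helper that derives `-StartDate` and `-EndDate` as UTC `DateTime` values clamped to the certificate's own validity period, instead of passing culture-formatted strings. The function name `Get-KeyCredentialWindow` and the sample dates are constructed for illustration. It assumes the directory rejects a key credential whose dates fall outside the certificate's `NotBefore`/`NotAfter`, and that `$cert.Certificate` is an `X509Certificate2`.

```powershell
# Added example (hypothetical helper, not from the original post).
# Assumption: a key credential's start/end must lie inside the certificate's validity period.
function Get-KeyCredentialWindow {
    param(
        [Parameter(Mandatory)] [datetime] $NotBefore,   # e.g. $cert.Certificate.NotBefore
        [Parameter(Mandatory)] [datetime] $NotAfter,    # e.g. $cert.Certificate.NotAfter
        [datetime] $Now = [datetime]::UtcNow
    )

    # X509Certificate2 reports NotBefore/NotAfter in local time; compare everything in UTC.
    $nb     = $NotBefore.ToUniversalTime()
    $na     = $NotAfter.ToUniversalTime()
    $nowUtc = $Now.ToUniversalTime()

    if ($nowUtc -ge $na) {
        throw "Certificate expired at $($na.ToString('u')); no valid credential window."
    }

    # Start at the later of "now" and NotBefore, so the credential never predates the certificate.
    $start = if ($nowUtc -gt $nb) { $nowUtc } else { $nb }

    # End at the certificate's expiry, so the credential never outlives the certificate.
    [pscustomobject]@{ StartDate = $start; EndDate = $na }
}

# Constructed sample dates (the validity values shown in the question, treated as UTC here).
$nb  = [datetime]::new(2017, 6, 2, 17, 41, 26, [System.DateTimeKind]::Utc)
$na  = [datetime]::new(2018, 6, 2, 17, 51, 26, [System.DateTimeKind]::Utc)
$now = [datetime]::new(2017, 6, 28, 2, 37, 46, [System.DateTimeKind]::Utc)

$window = Get-KeyCredentialWindow -NotBefore $nb -NotAfter $na -Now $now
$window | Format-List

# Round-tripping a date through a display string drops its DateTimeKind (Utc becomes Unspecified),
# which is why the window is kept as DateTime objects rather than strings.
[datetime]::Parse($nb.ToString()).Kind

# With a real certificate object (cmdlet and parameters as used in the post):
# $w = Get-KeyCredentialWindow -NotBefore $cert.Certificate.NotBefore -NotAfter $cert.Certificate.NotAfter
# New-AzureRmADServicePrincipal -DisplayName "Cert access" `
#     -CertValue ([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) `
#     -StartDate $w.StartDate -EndDate $w.EndDate
```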