我有一个工作脚本,该脚本获取证书并将其分配给Azure服务主体以进行身份验证:
$rawData = $Certificate.Certificate.GetRawCertData()
$base64Value = [System.Convert]::ToBase64String($rawData)
$hash = $Certificate.Certificate.GetCertHash()
$base64Thumbprint = [System.Convert]::ToBase64String($hash)
New-AzureADApplicationKeyCredential `
-ObjectId $app.ObjectId `
-CustomKeyIdentifier $base64Thumbprint `
-Type AsymmetricX509Cert `
-Usage Verify `
-Value $base64Value `
-StartDate $Certificate.Created `
-EndDate $Certificate.Certificate.NotAfter
模块更新后,收到的证书的模型从[Microsoft.Azure.Commands.KeyVault.Models。 KeyVaultCertificate ]更改为新的[Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultCertificate],现在返回了New-AzureADApplicationKeyCredential此错误:
Code: Request_BadRequest
Message: When present, application key identifier cannot be empty and can be at most 32 bytes.
Parameter name: applicationKeyIdentifierValue
RequestId: 95338cec-c81f-436d-a692-e49784b3fd1a
DateTimeStamp: Tue, 28 Aug 2018 22:47:44 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
问题是我找不到旧的KeyVaultCertificate模型的技术文档来将其与新模型进行比较,甚至在command doc中给出的示例是X509Certificate2,所以我不知道缺少什么
答案 0 :(得分:1)
对于azure-powershell github存储库中的某个问题,这可能是一个很好的候选人。在这里打开一个问题:https://github.com/Azure/azure-powershell/issues