我正在尝试通过我的ARM模板脚本将证书上传到应用程序网关。如何通过ARM脚本执行此操作。下面是我的脚本:
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
},
{
"name": "httpssettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 8443,
"protocol": "Https",
"cookieBasedAffinity": "Enabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
"id": "[parameters('sslCertData')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
},
{
"name": "scalablehttpsettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 7443,
"protocol": "Https",
"cookieBasedAffinity": "Enabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
"id": "[parameters('sslCertData')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
}
],
我想知道如何在authenticationCertificates下将证书路径提供给参数('sslCertData')。有人可以帮我吗?
PS:证书为.cer格式。
答案 0 :(得分:0)
您不能直接执行此操作。您需要将证书转换为base64并将其作为base64传递给应用程序网关。另外,我相当确定您不能将.cer用于侦听器,而只能用于auth(因此使用端对端ssl)。工作示例:
"sslCertificates": [ // these certificates can be used for listeners
{
"name": "offloadCertificate",
"properties": {
"data": "base64_value_of_.pfx",
"password": "password_for_.pfx"
}
}
],
"authenticationCertificates": [ // these only for end-to-end ssl
{
"name": "authenticationCertificate",
"properties": {
"data": "base64_value_of_.cer"
}
}
]
答案 1 :(得分:0)
We have to use and declare as shown below. It works like a charm.
"httpscertificate": {
"defaultValue":"Base64 converted value"
"type": "string"
},
"authenticationCertificates": [
{
"properties": {
"data": "[parameters('httpscertificate')]"
},
"name": "Appgatewaybackendcert"
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
},
{
"name": "nonscalablehttpssettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 8443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
"Id": "[concat(variables('applicationGatewayID'), '/authenticationCertificates/checkpointsystems')]" //appGatewayBackendCert
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
},
{
"name": "scalablehttpsettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 7443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
"Id": "[concat(variables('applicationGatewayID'), '/authenticationCertificates/checkpointsystems')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
}
],