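How do I upload private and public certificates to Azure App Service using Azure PowerShell? I know about New-AzureRmWebAppSSLBinding, but I am not doing any SSL binding.
We have Azure app services that use SSL binding. For that, I uploaded the certificates with New-AzureRmWebAppSSLBinding. I did upload one certificate per host in the web app. This works fine. But I want to upload additional private and public certificates to this app service for API authentication. I did not find any Azure PowerShell command for uploading private or public certificates.
The Azure portal allows uploading a private certificate with its password, or a public certificate. But I want to do the same using PowerShell. The portal UI also has an option to import a certificate from Key Vault. I am sure I can upload the certificate to Key Vault, but there is no PowerShell command to import it into the Azure app service.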
<a href="https://ibb.co/Kh7t5DL"><img src="https://i.ibb.co/fFt3X9n/Capture-Cert.jpg" alt="Capture-Cert" border="0"></a>
I have already read these articles, but they all use the same command. https://github.com/Azure/azure-powershell/issues/2108 How to add a certificate to an Azure RM website with Powershell
New-AzureRmWebAppSSLBinding -ResourceGroupName $RGName -WebAppName $webAppName -CertificateFilePath $filePath -CertificatePassword $pass
If I call this method, it asks for a host name. Since I have already uploaded a certificate with SSL binding for this host name, I cannot use it. Without a host name, this command fails.
Answer 0: (score: 0)
According to my test, if you want to bind SSL for an Azure web app, you can refer to the following script:
$webappName=""
$groupName=""
# set custom domain
$fqdn="<your custom domain name>"
Set-AzureRmWebApp -Name $webappName -ResourceGroupName $groupName -HostNames @($fqdn, "$webappName.azurewebsites.net")
# bind ssl
$pfxPath="<Replace with path to your .PFX file>"
$pfxPassword="<Replace with your .PFX password>"
# Upload and bind the SSL certificate to the web app
New-AzureRmWebAppSSLBinding -WebAppName $webappName -ResourceGroupName $groupName -Name $fqdn -CertificateFilePath $pfxPath -CertificatePassword $pfxPassword -SslState SniEnabled
# bind an existing Azure certificate
New-AzureRmWebAppSSLBinding -WebAppName $webappName -ResourceGroupName $groupName -Name $fqdn -Thumbprint "the thumbprint of the cert"
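Answer 1: (score: 0)
Well, I was finally able to figure it out and upload both private and public certificates. Azure resource explorer was really helpful for understanding the folder structure and the certificate locations.
To upload public certificates: these are attached to each app service.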
# Map of resource group name -> web app name
$webApps = @{
    "Dev_AppServicesGroup" = "DevUserService"
}
$certName = "chain-cert.cer"
$Path = "C:\Certs"
$fullpath = $path + '\' + $certname
# Named $filePwd rather than $pwd to avoid overwriting the automatic $PWD variable
$filePwd = ConvertTo-SecureString -String 'anyPwd' -AsPlainText -Force
# Used here only to load the file; its .Data property is passed as the certificate blob
$cert = New-AzureRmApplicationGatewaySslCertificate -Name 'someCert' -CertificateFile $fullpath -Password $filePwd
$apiVersion = '2018-02-01'
if($cert)
{
    $PropertiesObject = @{
        blob=$cert.Data;
        publicCertificateLocation= "CurrentUserMy"
    }
    foreach($resourceGroup in $webApps.Keys)
    {
        $webAppName = $webApps.Item($resourceGroup)
        $resource = Get-AzureRmWebApp -ResourceGroupName $resourceGroup -Name $webAppName
        $resourceName = $resource.Name + "/"+$certName
        New-AzureRmResource -Location $resource.Location -PropertyObject $PropertiesObject -ResourceGroupName $resource.ResourceGroup -ResourceType Microsoft.Web/sites/publicCertificates -ResourceName $resourceName -ApiVersion $apiVersion -Force
        #Apply the cert to the deployment slots if any
        $slots = Get-AzureRmResource -ResourceGroupName $resource.ResourceGroup -ResourceType Microsoft.Web/sites/slots -ResourceName $webAppName -ApiVersion $apiVersion
        foreach($slot in $slots)
        {
            $resourceName = $slot.Name + "/"+$certName
            New-AzureRmResource -Location $slot.Location -PropertyObject $PropertiesObject -ResourceGroupName $slot.ResourceGroupName -ResourceType Microsoft.Web/sites/slots/publicCertificates -ResourceName $resourceName -ApiVersion $apiVersion -Force
        }
    }
}
To upload private certificates: these are uploaded per resource group and are available to all app services under that group.
#Private certs need to be uploaded to each resource group with app services
$resourceGroups = @("Dev_AppServicesGroup1", "Dev_AppServicesGroup2")
$certName = "event-store-user.p12"
$certPwd = "Your certificate password" #This is the private cert password
$Path = "C:\Certs"
$fullpath = $path + '\' + $certname
# Named $filePwd rather than $pwd to avoid overwriting the automatic $PWD variable
$filePwd = ConvertTo-SecureString -String 'SomePwd' -AsPlainText -Force
# Used here only to load the file; its .Data property is passed as the PFX blob
$cert = New-AzureRmApplicationGatewaySslCertificate -Name someCert -CertificateFile $fullpath -Password $filePwd
$apiVersion = '2018-02-01'
if($cert)
{
    $PropertiesObject = @{
        pfxBlob=$cert.Data;
        password=$certPwd; #This is the private cert password
        ResourceType = "Microsoft.Web/Certificates"
    }
    foreach($resourceGroup in $resourceGroups)
    {
        $resource = Get-AzureRmResourceGroup -Name $resourceGroup
        New-AzureRmResource -ResourceName $certName -Location $resource.Location -PropertyObject $PropertiesObject -ResourceGroupName $resource.ResourceGroupName -ResourceType Microsoft.Web/certificates -ApiVersion $apiVersion -Force
    }
}
That's it. To upload an SSL certificate and bind it to the app service, you can use the command "New-AzWebAppSSLBinding".
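
The public-certificate upload from Answer 1 can be preceded by a local check of the file, shown here as an added example that is not part of the original answers. The helper name `New-PublicCertUpload` is hypothetical, and it assumes the `blob` property accepts the base64 of the DER-encoded certificate, as `$cert.Data` is used above; the resource type, API version and sample names are the ones from the answer.

```powershell
# Added example (hypothetical helper): parse and validate the certificate locally
# before building the properties for Microsoft.Web/sites/publicCertificates.
function New-PublicCertUpload {
    param(
        [Parameter(Mandatory)] [string] $CertPath
    )
    # Loading the file as X.509 rejects anything that is not a certificate.
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

    # A file carrying a private key must not be published as a public certificate.
    if ($x509.HasPrivateKey) {
        throw "$CertPath contains a private key; upload it as a private certificate instead."
    }
    # An expired certificate would be uploaded successfully and then fail validation later.
    if ($x509.NotAfter -lt (Get-Date)) {
        throw "$CertPath expired on $($x509.NotAfter)."
    }

    # Export the certificate only (DER), then base64-encode it for the 'blob' property
    # (assumption: same encoding as $cert.Data in the answer above).
    $der = $x509.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)

    [pscustomobject]@{
        Thumbprint = $x509.Thumbprint   # record this to verify what the app service reports
        Subject    = $x509.Subject
        Properties = @{
            blob                      = [Convert]::ToBase64String($der)
            publicCertificateLocation = 'CurrentUserMy'
        }
    }
}

# Usage with the sample names from the answer above.
$upload = New-PublicCertUpload -CertPath 'C:\Certs\chain-cert.cer'
Write-Host "Uploading $($upload.Subject) with thumbprint $($upload.Thumbprint)"

$site = Get-AzureRmWebApp -ResourceGroupName 'Dev_AppServicesGroup' -Name 'DevUserService'
New-AzureRmResource -Location $site.Location -PropertyObject $upload.Properties `
    -ResourceGroupName $site.ResourceGroup `
    -ResourceType Microsoft.Web/sites/publicCertificates `
    -ResourceName "$($site.Name)/chain-cert.cer" -ApiVersion '2018-02-01' -Force
```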