我必须从Azure APIM入站策略中的Azure密钥保管库中获取根CA,并在策略中验证我请求的客户端证书。 为此,我点击了链接并能够获得证书 https://github.com/galiniliev/api-management-policy-snippets/blob/galin/AkvCert/examples/Look%20up%20Key%20Vault%20certificate%20using%20Managed%20Service%20Identity%20and%20call%20backend.policy.xml
但是我无法使用从Azure密钥保管库中获取的我的根CA来验证客户端证书 以下是我从Azure密钥保管库中获得的根CA的值 {“ id”:“ https://newdev-keyvault.vault.azure.net/certificates/MyRootCA/bf34888e **********”,“孩子”:“ https://newdev-keyvault.vault.azure.net/keys/MyRootCA/bf34888e *************”,“ sid “:”https://newdev-keyvault.vault.azure.net/secrets/MyRootCA/bf34888 ************** “ ”x5t“: ”gYbnPUooh4D5_ogrmWCEvfDjYXo“, ”CER“:” + MIIDFTCCAf2gAwIBAgIUJYAgKiqYPh + Iq1DFULomUlhzNTAwDQYJKoZIhvcNAQELBQAwGjELMAkGA1UEBhMCSW4xCzAJBgNVBAoMAlwuMB4XDTIwMDQxNjA4MTgyOFoXDTMwMDQxNDA4MTgyOFowGjELMAkGA1UEBhMCSW4xCzAJBgNVBAoMAlwuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2EOpy + GxPFCidiW5hGPVlPXuZFfgJdZWITLkUQ2SvcuBfLSsKmPkSpYO7TAFESpBWD0z8y3BYat0hGA2iBhMWzXN0dhbB + bZ6uDdrg0kuGaFmb4fmQ9mydM7cy3NtZA6lf5uTp9RZV4wiUVyKrRgGRzKUxecnFmtCOyk犹太人/ Jf38laN1l84eM47UaMJjWD9vg / 3QsW3yH + 8zst2gWfXN7giQFRCMnzYTRD0VOd3N + C3k2mx72d4DobwbsngIclDHK0BFUckdK8MaOVIixRRQjFTZ / XjRqhPOCZRbgHHldXfx352eYqzOfYOi / utv8s6Xwl / 0TI3uj2RTth7CwJkQIDAQABo1MwUTAdBgNVHQ4EFgQUZZMEGpRcswKq23a52gqebZcnloAwHwYDVR0jBBgwFoAUZZMEGpRcswKq23a52gqebZcnloAwDwYDVR0TAQH / BAUwAwEB “ ”属性“:{ ”已启用“:真实的, ”NBF“:1587025108, ”EXP“:1902385108, ”创造“:1587036499, ”更新“:1587036499,” recoveryLevel“:” Recoverable + Purgeable“}}
有人可以帮我验证入站策略中的客户端证书吗?
答案 0 :(得分:1)
您从AKV动态获取的证书目前无法用于根据请求验证客户端证书。唯一的方法是将CA证书上传到APIM,然后在请求证书上调用.Validate。这将要求您从AKV导出证书,并在每次更改时在APIM中刷新它。