问题描述
您可以使用Azure门户将应用服务证书导出为pfx文件。我想在Linux下以自动方式(最终在Python中)这样做。我的日期方法是使用以下cli命令作为第一步:
You can export an app service certificate as a pfx file using the Azure portal. I want to do this though in an automated fashion under Linux (ultimately in Python). My approach to date has been to use the following cli command as the first step:
az resource show --name $CERT_NAME --resource-group $GROUP --resource-type "Microsoft.CertificateRegistration/certificateOrders"这将检索所有PEM中的CSR,以及根证书,中间证书和签名证书格式,嵌入在JSON blob中。此处引用的证书名称是经过验证的应用程序服务证书,可供我正在创建的应用程序使用。
This retrieves the CSR, as well as the root, intermediate, and signed certificates, all in PEM format, embedded in a JSON blob. The certificate name referenced here is a validated app service certificate ready to be used by the app I'm creating.
鉴于已检索到的数据,我的意图是运行命令
Given the data that's been retrieved, my intent is to then run the command
openssl pkcs12 -export -out cert.pfx -inkey private.key -in signed.pem-in intermediate.pem -in rootca.pem其中三个.pem文件都是从json blob中提取的。问题是我还需要私钥,这不是从"az资源显示"返回的信息的一部分。命令。我不清楚如何检索私有
键。我知道私钥文件应如下所示:
where the three .pem files have all been extracted from the json blob. The issue is that I also need the private key and this is not part of the info that's returned from the "az resource show" command. I'm not clear how to retrieve the private key. I know the private key file should look like this:
但我不知道如何检索我的证书的私钥,甚至不使用Azure门户。最终我需要能够在Linux中执行此操作。我确实找到了这篇文章:
but I don't see how I can retrieve the private key for my certificate, not even using the Azure portal. Ultimately I need to be able to do this in Linux. I did find this post:
t hat演示了如何在PowerShell中保存应用服务证书,但是我无法找到此脚本中显示的
步骤的等价物,这些步骤可以在Linux下运行,特别是生成pfxCertObject的最后几个步骤,然后将其保存到磁盘。我假设openssl将执行我需要的操作,除了缺少私钥的这个问题(奇怪的是
似乎没有在PowerShell代码中的任何地方引用)。
that demonstrates how to save an app service certificate in PowerShell, but I haven't been able to find an equivalent for the steps shown in this script that would work under Linux, specifically the last few steps that generate the pfxCertObject and then save it to disk. I'm assuming that openssl will do what I need, except for this issue with the missing private key (which curiously does not seem to be referenced anywhere in the PowerShell code).
有关如何在Linux中导出应用服务证书的任何建议将不胜感激。
Any suggestions on how to export an app service certificate in Linux would be appreciated.
推荐答案
感谢您的提问。您通常应该能够将应用服务证书导出为pfx文件,但我不确定它是否可以用于Linux。我将在内部与工程团队联系,了解您的方案是否得到支持。
Thanks for your question. You should usually be able export an app service certificate as a pfx file but I am not sure if its possible with Linux. I will reach out internally to the engineering team to see if your scenario is supported.
这篇关于在Linux中导出应用服务证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!