This article covers why I get "Key credential start date is invalid" when trying to create an Active Directory service principal, and how to handle it.

Problem description


I've been trying to consolidate a bunch of operations around creating and refreshing AD Service Principals and Applications. The flow I'm having trouble with is:

  1. Get a cert out of Azure Key Vault
  2. Create a Service Principal (and Application) using the cert for authentication.

PS > Get-AzureKeyVaultCertificate -VaultName certs -Name CertName

Name        : CertName
Certificate : [Subject]
                CN=certName.foo.com

              [Issuer]
                CN=certName.foo.com

              [Serial Number]
                xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

              [Not Before]
                6/2/2017 5:41:26 PM

              [Not After]
                6/2/2018 5:51:26 PM

              [Thumbprint]
                XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Id          : https://certs.vault.azure.net:443/certificates/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
KeyId       : https://certs.vault.azure.net:443/keys/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SecretId    : https://certs.vault.azure.net:443/secrets/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thumbprint  : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags        : {[Thumbprint, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]}
Enabled     : True
Created     : 6/3/2017 2:11:31 AM
Updated     : 6/3/2017 2:11:31 AM

PS > New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $cert.Certificate.GetEffectiveDateString() -EndDate $cert.Certificate.GetExpirationDateString()

New-AzureRmADServicePrincipal : Key credential start date is invalid.
At line:1 char:1
+ New-AzureRmADServicePrincipal -DisplayName "Cert access" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-AzureRmADServicePrincipal], Exception
    + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Azure.Commands.ActiveDirectory.NewAzureADServicePrincipalCommand

Why do I get Key credential start date is invalid?

Solution

According to your error log, it seems that the time format is wrong. I suggest you use [System.DateTime]::Now to set the time. I tested this in my lab and did not get your error; the following script works for me. I suggest you test it.

##import certificate to key vault
$Password = ConvertTo-SecureString -String "*******" -AsPlainText -Force
Import-AzureKeyVaultCertificate -VaultName "shuikey" -Name "ImportCert01" -FilePath "C:\shui.pfx" -Password $Password
##set start time and expire time
$now = [System.DateTime]::Now
$yearfromnow = $now.AddYears(1)
##Get certificate from key vault
$cert=Get-AzureKeyVaultCertificate -VaultName certs -Name CertName

New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $now -EndDate $yearfromnow
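
An added PowerShell example (not from the original post or from the AzureRM module) showing one way to build -StartDate and -EndDate as DateTime values rather than the strings returned by GetEffectiveDateString(), while keeping the credential window inside the certificate's own validity period. The helper name Get-KeyCredentialWindow, the one-year cap and the throwaway self-signed certificate are assumptions of this example.

```powershell
# Added example: Get-KeyCredentialWindow is a hypothetical helper, not an AzureRM cmdlet.
function Get-KeyCredentialWindow {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [datetime] $Now = [datetime]::Now,
        [timespan] $MaxLifetime = [timespan]::FromDays(365)   # assumed policy cap
    )
    # NotBefore/NotAfter are local-time DateTime values. DateTime comparison
    # ignores Kind, so bring "now" to local time too (a UTC value is converted).
    $Now = $Now.ToLocalTime()
    if ($Now -ge $Certificate.NotAfter) {
        throw "Certificate $($Certificate.Thumbprint) expired on $($Certificate.NotAfter.ToString('o'))."
    }
    # Start no earlier than the moment the certificate becomes valid.
    $start = if ($Now -gt $Certificate.NotBefore) { $Now } else { $Certificate.NotBefore }
    # End no later than the moment the certificate expires.
    $end = $start + $MaxLifetime
    if ($end -gt $Certificate.NotAfter) { $end = $Certificate.NotAfter }
    [pscustomobject]@{
        StartDate = $start
        EndDate   = $end
        CertValue = [System.Convert]::ToBase64String($Certificate.GetRawCertData())
    }
}

# Constructed sample input: a throwaway self-signed certificate built in memory
# (needs .NET Framework 4.7.2+ or PowerShell 7), valid from yesterday for 30 days.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=certName.example.invalid', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

$w = Get-KeyCredentialWindow -Certificate $sample
$w | Format-List StartDate, EndDate

# GetEffectiveDateString() yields culture-formatted text; the window holds DateTime values.
$sample.GetEffectiveDateString().GetType().FullName
$w.StartDate.GetType().FullName

# With a Key Vault certificate as on this page (requires an Azure session):
# $cert = Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
# $w = Get-KeyCredentialWindow -Certificate $cert.Certificate
# New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $w.CertValue `
#     -StartDate $w.StartDate -EndDate $w.EndDate
```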
