如何将私钥证书(.pfx)，公钥证书(.cer)上传到Azure WebApp

本文介绍了如何将私钥证书(.pfx)，公钥证书(.cer)上传到Azure WebApp的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

如何使用Azure Powershell将私有的公共证书上载到Azure AppService.我知道New-AzureRmWebAppSSLBinding，但是我没有做任何SSL绑定.

How to upload a private, public certificate to the Azure AppService using Azure Powershell. I am aware of New-AzureRmWebAppSSLBinding but I am not doing any SSL binding.

我们有使用SSL绑定的Azure应用服务.为此，我使用New-AzureRmWebAppSSLBinding上载了证书.我确实在网络应用程序中为每个主机上传了一个证书.这很好.但是我想将其他私有和公共证书上传到此应用程序服务以进行API验证.我没有找到用于上传私有或公共证书的任何azure powershell命令.

We have Azure App Services that use SSL binding. I used New-AzureRmWebAppSSLBinding to upload a certificate for this purpose. I did upload a cert for each host on my web app. This works fine.But I wanted to upload additional private and public certs on to this app service for API validation. I did not find any azure powershell command to upload a private or public certificate.

Azure门户允许上载私有证书及其密码或公共证书.但是我想使用powershell来做同样的事情.门户网站UI还具有从密钥库导入证书的选项.我确定可以将证书上传到密钥保险库，但是没有powershell命令将其导入到Azure应用服务.

Azure portal allows uploading a private certificate along with its password or a public certificate. However I want to do the same using powershell. The portal UI also has an option to import certificate from key vault. I sure can upload a certificate to key vault but there is no powershell command to import it on to Azure app service.

<a href="https://ibb.co/Kh7t5DL"><img src="https://i.ibb.co/fFt3X9n/Capture-Cert.jpg" alt="Capture-Cert" border="0"></a>

我已经阅读了这些文章，但是它们都使用相同的命令. https://github.com/Azure/azure-powershell/issues/2108 如何将证书添加到Azure带有Powershell的RM网站

I have gone through these articles but they both use the same command.https://github.com/Azure/azure-powershell/issues/2108How to add a certificate to an Azure RM website with Powershell

New-AzureRmWebAppSSLBinding -ResourceGroupName $ RGName -WebAppName $ webAppName -CertificateFilePath $ filePath -CertificatePassword $ pass

New-AzureRmWebAppSSLBinding -ResourceGroupName $RGName -WebAppName $webAppName -CertificateFilePath $filePath -CertificatePassword $pass

如果我调用此方法，它将要求输入主机名.由于我已经为此主机名上传了具有SSL绑定的证书，因此无法使用它.如果不提供主机名，此命令将失败.

If I call this method it asks for the host name. Since I already uploaded a certificate with SSL binding for this hostname I cannot use it. Without supplying a hostname this command will fail.

推荐答案

好，最后我能够弄清楚并上传私有和公共证书. Azure资源浏览器确实有助于理解文件夹结构和证书位置.

Ok, finally I was able to figure it out and upload both private and public certs. Azure resource explorer was really helpful to understand the folder structure and certificate location.

要上传公共证书:每个应用服务都随附了这些证书.

To upload Public certificate: These are attached per app service.

$webApps = @{
            "Dev_AppServicesGroup" = "DevUserService"
        }
$certName = "chain-cert.cer"
$Path = "C:\Certs"

$fullpath = $path + '\' + $certname
$pwd = ConvertTo-SecureString -String 'anyPwd' -AsPlainText -Force
$cert  = New-AzureRmApplicationGatewaySslCertificate -Name 'someCert' -CertificateFile $fullpath -Password $pwd
$apiVersion = '2018-02-01'

if($cert)
{
    $PropertiesObject = @{
        blob=$cert.Data;
        publicCertificateLocation= "CurrentUserMy"
    }

    foreach($resourceGroup in $webApps.Keys)
    {
       $webAppName = $webApps.Item($resourceGroup)
       $resource = Get-AzureRmWebApp -ResourceGroupName $resourceGroup -Name $webAppName
       $resourceName = $resource.Name + "/"+$certName
       New-AzureRmResource -Location $resource.Location -PropertyObject $PropertiesObject -ResourceGroupName $resource.ResourceGroup -ResourceType Microsoft.Web/sites/publicCertificates -ResourceName $resourceName -ApiVersion $apiVersion -Force

       #Apply the cert to the deployment slots if any
       $slots = Get-AzureRmResource -ResourceGroupName $resource.ResourceGroup -ResourceType Microsoft.Web/sites/slots -ResourceName $webAppName -ApiVersion $apiVersion
       foreach($slot in $slots)
       {
          $resourceName = $slot.Name + "/"+$certName
          New-AzureRmResource -Location $slot.Location -PropertyObject $PropertiesObject -ResourceGroupName $slot.ResourceGroupName -ResourceType Microsoft.Web/sites/slots/publicCertificates -ResourceName $resourceName -ApiVersion $apiVersion -Force
       }
    }
}

要上传专用证书:这些证书是按资源组上传的，可供该组下的所有应用服务使用.

To upload Private certificate: These are uploaded per resource group and are available to all app services under that group.

#Private certs needs to be uploaded to each resource group with app services
$resourceGroups = @("Dev_AppServicesGroup1", "Dev_AppServicesGroup2")
$certName = "event-store-user.p12"

$certPwd = "Your certificate password" #This is the private cert password
$Path = "C:\Certs"

$fullpath = $path + '\' + $certname

$pwd = ConvertTo-SecureString -String 'SomePwd' -AsPlainText -Force
$cert  = New-AzureRmApplicationGatewaySslCertificate -Name someCert -CertificateFile $fullpath -Password $pwd
$apiVersion = '2018-02-01'

if($cert)
{
    $PropertiesObject = @{
        pfxBlob=$cert.Data;
        password =$certPwd; #This is the private cert password
        ResourceType = "Microsoft.Web/Certificates"
    }

    foreach($resourceGroup in $resourceGroups)
    {
        $resource = Get-AzureRmResourceGroup -Name $resourceGroup
        New-AzureRmResource -ResourceName $certName -Location $resource.Location -PropertyObject $PropertiesObject -ResourceGroupName $resource.ResourceGroupName -ResourceType Microsoft.Web/certificates -ApiVersion $apiVersion -Force
    }
}

就是这样.要上传SSL证书并将其绑定到应用程序服务，可以使用命令"New-AzWebAppSSLBinding".

That's it. To upload SSL certificate and bind it to the app service you can use the command 'New-AzWebAppSSLBinding'.

这篇关于如何将私钥证书(.pfx)，公钥证书(.cer)上传到Azure WebApp的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！