无法导入P-256椭圆曲线证书 [英] Cannot import a P-256 elliptic curve certificate
问题描述
我一直在反对这个问题。
I've been banging my head against this for a while.
我有一个由私人证书颁发机构颁发的X.509证书。它基于P-256私钥。
I have an X.509 certificate issued by a private certificate authority. It is based on a P-256 private key.
它不会导入Azure Key Vault,看起来无论我做什么。我注意到PEM格式不支持EC密钥,因此我将其转换为单证书PFX文件。
It will not import into Azure Key Vault, seemingly no matter what I do. I have noted that EC keys are not supported in PEM format, so I've converted it into a single-certificate PFX file.
在门户网站中导入文件只是给了我一个通用的,"发生错误"消息。
Importing the file in the portal just gives me a generic, "an error occurred" message.
使用Powershell导入文件为我提供了一些更有用的信息:
Importing the file using Powershell gives me something more useful:
Import-AzureKeyVaultCertificate:Elliptic Curve Cryptography公钥算法不支持证书链中的x509证书。
证书是带有SHA256的P-256。
The certificate is P-256 with SHA256.
发行CA是带有SHA512散列的P-256密钥。
The issuing CA is a P-256 key with SHA512 hashing.
根ca是带有SHA512散列的P-521密钥。
The root ca is a P-521 key with SHA512 hashing.
但是,我我没有尝试导入颁发或根CA,只是导入服务器证书。 PFX文件中不存在CA.
However, I'm not trying to import the issuing or root CA, just the server cert. The CAs don't exist in the PFX file.
有什么想法吗?
推荐答案
你仍然无法通过Portal UI或PowerShell导入,但您可以使用Azure CLI导入。 Portal和PowerShell对导入的支持将在未来的更新中到达。请使用此链接 到
使用Azure CLI cmdlet使用 - curve 参数导入密钥和ECC。
You still can't import via the Portal UI or PowerShell but you can import using the Azure CLI. Portal and PowerShell support for importing will arrive in a future update. Pleas use this link to use the Azure CLI cmdlet using --curve parameter to import key with ECC.
Here are the links that discuss the curves supported:
- REST API
- .NET SDK
- User Feedback
这篇关于无法导入P-256椭圆曲线证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
