如何使用Powershell获取与服务主体关联的证书的指纹? [英] How to get thumbprint of the certificate associated with a service principal using Powershell?
问题描述
我有一个与Azure AD中的服务主体相关联的证书.如何使用Powershell获得与之关联的证书名称或指纹?
I have a certificate associated with a service principal in Azure AD. How can I get the certificate name or thumbprint associated with it using powershell?
我尝试了Get-AzureRmADServicePrincipalCredential
,Get-AzureRmADSpCredential
和Get-AzureADServicePrincipalKeyCredential
命令,但是它们返回的是Key Identifier
而不是指纹.
I have tried Get-AzureRmADServicePrincipalCredential
, Get-AzureRmADSpCredential
and Get-AzureADServicePrincipalKeyCredential
commands but they return Key Identifier
not thumbprint.
基本上,我想在吊销证书之前识别与该证书相关联的证书.
Basically I want to recognize which certificate is associated with the principal before revoking it.
推荐答案
正如@Stanley Gong所述,您可以使用MS Graph来获取它.
As @Stanley Gong mentioned, you can use MS Graph to get it.
这是另一种方法,请尝试以下命令,$Thumbprint
是您想要的.
Here is another way, try the command as below, the $Thumbprint
is that you want.
注意 <object-id>
是AD App(应用程序注册)的对象ID,而不是服务主体(企业应用程序)的对象ID,
Note the <object-id>
is the object id of your AD App(App registration), not the service principal(Enterprise application), they are different.
$CustomKeyIdentifier = (Get-AzureADApplicationKeyCredential -ObjectId "<object-id>").CustomKeyIdentifier
$Thumbprint = [System.Convert]::ToBase64String($CustomKeyIdentifier)
这篇关于如何使用Powershell获取与服务主体关联的证书的指纹?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!