如何使用Powershell获取与服务主体关联的证书的指纹? [英] How to get thumbprint of the certificate associated with a service principal using Powershell?

问题描述

我有一个与Azure AD中的服务主体相关联的证书.如何使用Powershell获得与之关联的证书名称或指纹?

I have a certificate associated with a service principal in Azure AD. How can I get the certificate name or thumbprint associated with it using powershell?

我尝试了Get-AzureRmADServicePrincipalCredential，Get-AzureRmADSpCredential和Get-AzureADServicePrincipalKeyCredential命令，但是它们返回的是Key Identifier而不是指纹.

I have tried Get-AzureRmADServicePrincipalCredential, Get-AzureRmADSpCredential and Get-AzureADServicePrincipalKeyCredential commands but they return Key Identifier not thumbprint.

基本上，我想在吊销证书之前识别与该证书相关联的证书.

Basically I want to recognize which certificate is associated with the principal before revoking it.

推荐答案

正如@Stanley Gong所述，您可以使用MS Graph来获取它.

As @Stanley Gong mentioned, you can use MS Graph to get it.

这是另一种方法，请尝试以下命令，$Thumbprint是您想要的.

Here is another way, try the command as below, the $Thumbprint is that you want.

注意 <object-id>是AD App(应用程序注册)的对象ID，而不是服务主体(企业应用程序)的对象ID，

Note the <object-id> is the object id of your AD App(App registration), not the service principal(Enterprise application), they are different.

$CustomKeyIdentifier = (Get-AzureADApplicationKeyCredential -ObjectId "<object-id>").CustomKeyIdentifier
$Thumbprint = [System.Convert]::ToBase64String($CustomKeyIdentifier)

这篇关于如何使用Powershell获取与服务主体关联的证书的指纹?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！