How to verify an Azure virtual machine RDP certificate?


Problem description

My VM's RDP certificate fingerprint changed for some reason. Is there a way for me to verify the new certificate fingerprint in Azure?

Type: Virtual Machine (classic), Machine: Basic_A3, OS: Windows Server

Recommended answer

There are boot diagnostic logs available in Azure, enabled by default, when you boot a virtual machine. You can find them by selecting the virtual machine in the Azure portal; in the menu section 'Support + troubleshooting', select 'Boot diagnostics' and then the tabpage 'Serial log'. These logs list various system parameters as a JSON object, which contains the remoteAccess object seen below.

"remoteAccess": {
    "windows": {
        "rdpPort": 3389,
        "rdpEnabled": true,
        "rdpTcpListenerSecurityConfiguration": {
            "nlaUserAuthenticationRequired": true,
            "authenticationSecurityLayer": "TLS",
            "protocolNegotiationAllowed": true
        },
        "rdpTcpListenerMaxConnections": 2,
        "rdpFirewallAccess": "Allowed",
        "rdpAllowedUsers": [
            "TestUser"
        ],
        "rdpCertificateDetails": {
            "subject": "CN=RDPTest",
            "thumbprint": "9AD7CB3493790BCAB6FBF543EBBBE68883E9EE89",
            "validFrom": "2018-02-17T10:58:42Z",
            "validTo": "2018-08-19T10:58:42Z"
        },
        "rdsLicensingStatus": null
    }
}

As you can see, there is an rdpCertificateDetails object that lists the SHA thumbprint of the RDP server certificate. Unlike the Linux boot diagnostics log, it will list the thumbprint every time, so there is no need to worry if it was not recorded on first boot.

When you first connect, there will be an "unknown publisher" warning.

Click through, and enter your credentials. After entering your credentials, it will show an "identity could not be verified" warning. The name of the computer will be the name of the VM in Azure.

Click view certificate, and go to details. Here you can find the thumbprint to verify against the one from the boot diagnostics.

For more detailed instructions on finding the boot diagnostics in the Azure portal, and obtaining the SSH keys for a Linux VM, see my answer on this StackOverflow question.
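The comparison described in the answer can be scripted. This is an added example, not part of the original answer: it pulls rdpCertificateDetails out of saved serial-log text and checks it against the thumbprint copied from the RDP client's certificate dialog. It assumes the object appears in the log as JSON text like the fragment above; the function names and the sample log are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: serial-log text around the object shown in the answer.
SAMPLE_LOG = '''... "rdpAllowedUsers": ["TestUser"],
"rdpCertificateDetails": {
    "subject": "CN=RDPTest",
    "thumbprint": "9AD7CB3493790BCAB6FBF543EBBBE68883E9EE89",
    "validFrom": "2018-02-17T10:58:42Z",
    "validTo": "2018-08-19T10:58:42Z"
},
"rdsLicensingStatus": null ...'''

def cert_details_from_log(log_text):
    """Return every rdpCertificateDetails object found in the log, in order."""
    decoder, found = json.JSONDecoder(), []
    for m in re.finditer(r'"rdpCertificateDetails"\s*:\s*', log_text):
        obj, _ = decoder.raw_decode(log_text, m.end())
        if isinstance(obj, dict):
            found.append(obj)
    return found

def normalize(thumbprint):
    """Keep hex digits only: drops spaces, colons and invisible characters
    that can come along when copying from the certificate dialog."""
    return re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def verify(log_text, shown_thumbprint, now=None):
    """Compare the thumbprint the RDP client shows with the one in the log."""
    details = cert_details_from_log(log_text)
    if not details:
        return False, "no rdpCertificateDetails in log"
    latest = details[-1]  # assumption: the last entry is the most recent boot
    shown = normalize(shown_thumbprint)
    if len(shown) != 40:
        return False, "expected 40 hex digits"
    if shown != normalize(latest["thumbprint"]):
        return False, "thumbprint mismatch"
    now = now or datetime.now(timezone.utc)
    if not parse_time(latest["validFrom"]) <= now <= parse_time(latest["validTo"]):
        return False, "outside validity window"
    return True, "match for " + latest["subject"]

if __name__ == "__main__":
    print(verify(SAMPLE_LOG, "9a d7 cb 34 93 79 0b ca b6 fb f5 43 eb bb e6 88 83 e9 ee 89"))
```

A mismatch, or a log with no rdpCertificateDetails entry, means the certificate presented on connection has not been confirmed against the boot diagnostics.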
