一些Azure CLI命令的SSL握手错误 [英] SSL handshake error with some Azure CLI commands
问题描述
我在Windows 10的PowerShell中的bash中使用Azure CLI.我坐在公司代理后面.我的目标是自动化Azure资源的部署和设置.
I am using Azure CLI in bash within PowerShell in Windows 10. I sit behind a corporate proxy. My goal is to automate the deployment and setup of Azure resources.
某些Azure CLI命令可以很好地工作:我可以运行az登录,更改默认订阅,列出位置,资源组,资源组中的资源,甚至可以运行shell脚本来部署密钥保管库之类的资源.
Some of the Azure CLI commands work perfectly fine: I can run az login, change the default subscription, list locations, resource groups, resources within resource groups and I can even run shell scripts to deploy resources like Key Vaults.
但是,当我尝试列出Key Vault中的密钥或机密或创建密钥/机密时,我得到以下信息:
However, when I try to list the keys or secrets within a Key Vault, or create keys/secrets I get the following:
请求中发生错误.SSL错误:HTTPSConnectionPool(host ='xxxxxx.vault.azure.net',端口= 443):URL超过了最大重试次数:/secrets?api-version = 7.0(由SSLError(SSLError(握手失败:错误([('SSL例程','tls_process_server_certificate','证书验证失败')],),),))
我在此处提供的示例适用于Key Vault,但是在其他类型的资源上也遇到相同的错误,因此我认为Key Vault并不是问题所在.
The example I am providing here is for a Key Vault, but I am getting the same error with other types of resources, so I don't think the Key Vault is the issue.
在命令中附加-debug 参数时,我可以看到错误来自以下Python库之一:
When appending the --debug parameter to the command, I can see the error is coming from one of the Python libraries:
urllib3.connectionpool:连接被"SSLError(SSLError(错误握手:错误握手:Error([('SSL例程','tls_process_server_certificate','证书验证失败')],),),)':/secrets?api-version=7.0
我尝试了以下提供的建议:
I have tried the suggestions provided at:
包括 export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION = anycontent 以禁用证书检查(不推荐)和 export REQUESTS_CA_BUNDLE =/etc/ssl/certs/ca-certificates.crt 发出Python请求使用系统ca-certificates捆绑包.
Including export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=anycontent to disable certificate check (not recommended) and export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt to make Python requests use the system ca-certificates bundle.
我也尝试过:
导出ADAL_PYTHON_SSL_NO_VERIFY = 1
在以下文章中建议:
[AzureStack]处理不在Python根CA列表#2267中的证书的SSL验证
但是不幸的是,以上结果均未产生任何变化.
But unfortunately none of the above produced any change in the outcome.
我正在使用Azure CLI版本2.0.60和Python 3.
I am using Azure CLI version 2.0.60 and Python 3.
推荐答案
由于您使用的是Windows,而不是Linux或MacOS,请尝试使用 set 而不是 export 如下所述在PowerShell中设置环境变量,然后再次为Key Vault运行azure cli命令.
Due to you were using Windows not Linux or MacOS, please try to use set instead of export to set the environment variables in PowerShell, as below, then to run the azure cli command for Key Vault again.
set ADAL_PYTHON_SSL_NO_VERIFY=1
set AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
对于Linux上的 export REQUESTS_CA_BUNDLE =/etc/ssl/certs/ca-certificates.crt 命令,我认为您可以引用SuperUser线程https://superuser.com/questions/217719/what-are-the-windows-system-certificate-stores以管理员身份运行Powershell窗口(右键单击PowerShell快捷方式,然后选择以管理员身份运行以运行).
And for the command export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt on Linux, I think you can refer to the SuperUser thread https://superuser.com/questions/217719/what-are-the-windows-system-certificate-stores to run a powershell window as administrator (right click on the PowerShell shortcut and select Run as administrator to run).
但是,正如您在PowerShell中使用bash在中所说的那样,听起来像是您打开了Windows子系统(适用于Linux)的bash shell会话,或者像是 PS:提示符下的Git Bash,它模糊地描述了我无法理解您的操作,请发布有关它的更多详细信息,并且我认为使用带有bash嵌套的PowerShell并不是一个好习惯.
However, as you said about in bash with PowerShell, it sounds like you open a bash shell session of Windows Subsystem for Linux or like Git Bash from PS: prompt, which described fuzzily that I can not understand for your operations, please post more details about it, and I don't think it's a good practice to use PowerShell with bash nested.
这篇关于一些Azure CLI命令的SSL握手错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
