How to authenticate with Key Vault from Azure Batch
Question
I've been following this guide to use a certificate to authenticate with Key Vault from Azure Batch. Every certificate I generate causes errors on import into Azure Batch; some examples are listed below:
code: InvalidPropertyValue
message: The value provided for one of the properties in the request body is invalid.
PropertyName: data
Reason: The specified data and the password do not match
or
Unable to get property 'tbsCertificate' of undefined or null reference
or
Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?
Are there any requirements for the certificate that I'm not aware of? Alternatively, is it possible to assign a managed identity or service principal to my Azure Batch Pool instead, if certificates are not working?
Recommended answer
Using this article as a guide, I added the below options to the makecert command.
-a sha256 -len 2048
This certificate on its own still won't work; you then need to run pvk2pfx with only the below options:
pvk2pfx -pvk batchcertificate.pvk -spc batchcertificate.cer
This opens the wizard, using which you then need to:
- Select "yes export the private key"
- Tick the following options:
  - "include all certificates in the certification path if possible"
  - "Export all extended properties"
  - "Enable certificate privacy"
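A local pre-import check for the PFX this answer produces, written as an added PowerShell example (not code from the original post or from Azure): it loads the PFX with the password you intend to give Batch and compares the key length and signature hash with the makecert options above. `Test-BatchPfx` is a hypothetical helper and the sample certificate is constructed; the script assumes PowerShell 7 or Windows PowerShell on .NET Framework 4.7.2 or later. Treating 2048-bit RSA and SHA-256 as the expected values comes from the answer, not from a documented Batch requirement.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Test-BatchPfx is a hypothetical helper name, not an Azure or Batch cmdlet.
function Test-BatchPfx {
    param(
        [Parameter(Mandatory)] [byte[]] $PfxBytes,
        [Parameter(Mandatory)] [string] $Password
    )
    try {
        # The constructor throws when the password cannot decrypt the PFX.
        $cert = [X509Certificate2]::new($PfxBytes, $Password)
    } catch {
        return [pscustomobject]@{
            Loaded   = $false
            Problems = @("PFX did not load with this password: $($_.Exception.Message)")
        }
    }
    $rsa      = [RSACertificateExtensions]::GetRSAPublicKey($cert)   # $null for non-RSA keys
    $keySize  = if ($rsa) { $rsa.KeySize } else { 0 }
    $problems = @()
    if (-not $cert.HasPrivateKey) {
        $problems += 'No private key in the PFX (the wizard step "yes export the private key").'
    }
    # 1.2.840.113549.1.1.11 is the OID for sha256WithRSAEncryption (makecert -a sha256).
    if ($cert.SignatureAlgorithm.Value -ne '1.2.840.113549.1.1.11') {
        $problems += "Signature algorithm is $($cert.SignatureAlgorithm.FriendlyName), not SHA-256 with RSA."
    }
    if ($keySize -ne 2048) {
        $problems += "RSA key length is $keySize, not 2048 (makecert -len 2048)."
    }
    [pscustomobject]@{
        Loaded        = $true
        HasPrivateKey = $cert.HasPrivateKey
        Signature     = $cert.SignatureAlgorithm.FriendlyName
        KeySize       = $keySize
        Problems      = $problems
    }
}

# Constructed sample: an in-memory self-signed certificate exported as PFX bytes.
$key  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=constructed-sample', $key,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$self = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
$pfx  = $self.Export([X509ContentType]::Pfx, 'constructed-password')

Test-BatchPfx -PfxBytes $pfx -Password 'constructed-password'   # correct password
Test-BatchPfx -PfxBytes $pfx -Password 'wrong-password'         # reported, not thrown
```

For a real file, read the exported PFX with `[IO.File]::ReadAllBytes()` and pass the result as `-PfxBytes`.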