Error when using CmdLet New-AzureRmADAppCredential to create new credential with certificates


Problem description

I am trying to use the New-AzureRmADAppCredential cmdlet. I am trying to create a new credential using the following syntax:

    New-SelfSignedCertificateEx -Subject "CN=$ClientId" -KeySpec "Exchange" -FriendlyName "$ClientId"
    $start = (Get-Date).ToUniversalTime()
    $end = $start.AddDays(4)
    New-AzureRmADAppCredential -ApplicationId $application.ObjectId -CertValue $keyValue -StartDate $start -EndDate $end

I've noticed that if I try to create a new credential with a certificate, it failed on a specific app with the following error:

    New-AzureRmADAppCredential : Update to existing credential with KeyId 'keyid' is not allowed.

This app has 2 credentials, one is a password and the other is a certificate. The keyid belongs to the certificate credential. The weird part is that on another app it worked fine, even if the app has multiple certificate credentials. I've tried to look at the documentation, but couldn't find anything useful.
So, my question is: why does this error happen, and how can I solve it?
Update: By looking in the code of the cmdlet, it seems like it is always updating the whole list, so I think it might be something related to permissions, but I am not sure.
Thanks,
Omer

Solution

Yeah, New-AzureRmADAppCredential isn't strong enough: if the AAD App has keys, it will update the latest key in the key list, and of course that won't work (Update to existing credential with KeyId is not allowed). I think it's a bug. If no key existed, it will create a new key. You can use New-AzureADApplicationPasswordCredential instead.
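
Following the answer's pointer to the AzureAD module, this added example (not part of the original thread) inventories the credentials already on the application and then adds a certificate credential with that module's key-credential cmdlet, using the question's 4-day validity window. The object ID and certificate path are placeholders, and it assumes the AzureAD module is installed and the signed-in account may manage the application.

```powershell
# Added example, not code from the thread. Assumes the AzureAD module is installed.
Import-Module AzureAD
Connect-AzureAD | Out-Null

# Placeholders: the app registration's ObjectId (not its AppId) and the
# exported PUBLIC certificate (.cer). The private key never leaves the client.
$appObjectId = '<application-object-id>'
$cerPath     = '<path-to-public-certificate.cer>'

# 1. Inventory the existing credentials, so the KeyId named in an
#    "Update to existing credential" error can be matched to an entry.
Get-AzureADApplicationKeyCredential -ObjectId $appObjectId |
    Select-Object KeyId, Type, Usage, StartDate, EndDate | Format-Table
Get-AzureADApplicationPasswordCredential -ObjectId $appObjectId |
    Select-Object KeyId, StartDate, EndDate | Format-Table

# 2. Load the public certificate and encode it for the cmdlet.
$cert       = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)
$certValue  = [System.Convert]::ToBase64String($cert.GetRawCertData())
$thumbprint = [System.Convert]::ToBase64String($cert.GetCertHash())

# 3. Short validity window as in the question (4 days), clamped so the
#    credential never outlives the certificate itself.
$start = (Get-Date).ToUniversalTime()
$end   = $start.AddDays(4)
$certEnd = $cert.NotAfter.ToUniversalTime()
if ($end -gt $certEnd) { $end = $certEnd }

# 4. Add the certificate as a new key credential on the application.
$newKey = New-AzureADApplicationKeyCredential -ObjectId $appObjectId `
    -CustomKeyIdentifier $thumbprint `
    -Type AsymmetricX509Cert -Usage Verify `
    -Value $certValue -StartDate $start -EndDate $end

# 5. Confirm the new entry exists and the earlier ones are still present.
"New KeyId: $($newKey.KeyId)"
Get-AzureADApplicationKeyCredential -ObjectId $appObjectId |
    Select-Object KeyId, StartDate, EndDate | Format-Table
```

Comparing the listing from step 1 with the one from step 5 shows whether existing credentials were left untouched.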
