如何在Azure上部署的云服务上引用x.509证书? [英] How to reference x.509 certificates on a cloud service deployed on azure?

问题描述

一旦在azure上部署了Web服务，我就无法引用x.509证书.我得到的错误是:

I am having trouble referencing x.509 certificates once a web service is deployed on azure. The error I get is:

使用以下搜索条件找不到X.509证书:StoreName'My'，StoreLocation'LocalMachine'， FindType'FindByThumbprint'，FindValue'd50d00762ab0b5bfa2ccd51122360e89ff5db55e'

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindByThumbprint', FindValue 'd50d00762ab0b5bfa2ccd51122360e89ff5db55e'

我尝试了各种StoreName和Location排列，但均未成功. 我的部分配置如下:

I have tried various StoreName and Location permutations and no success. Part of my config is as follows:

<behaviors>
      <endpointBehaviors>
        <behavior name="ClientCredentialsBehavior">
          <clientCredentials>
            <clientCertificate findValue="D50D00762AB0B5BFA2CCD51122360E89FF5DB55E"  storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByThumbprint"/>
            <serviceCertificate>
              <defaultCertificate findValue="E194EBAAFBE5129D097795751127D21577293A87" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByThumbprint"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>

如何解决天蓝色的错误.请帮助我，我已经花了几个小时来尝试解决此问题.谢谢.

How do I solve this error on azure. Please help me I have spent hours now trying to solve this issue. Thank you.

推荐答案

要解决您面临的问题，请确保证书已上传到云服务中，并且该证书已在云服务配置文件中引用(csdef/cscfg).请参见此链接，了解如何操作:

To fix the problem you're facing, please ensure that the certificate is uploaded in the cloud service and that certificate is referenced in the cloud service configuration files (csdef/cscfg). Please see this link on how to do so: https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-configure-ssl-certificate#step-2-modify-the-service-definition-and-configuration-files.

现在是解释了:).

您知道，云服务是PaaS产品.因此，您需要告诉Fabric Controller(这是创建VM，安装应用程序并进行所有配置更改的神奇之处)，您的应用程序需要使用在云服务中上载的证书.

As you know, Cloud Services are the PaaS offering. Thus you would need to tell the Fabric Controller (which does the magic of creating your VM, installing your application and making all the configuration changes) that your application needs to use a certificate that is uploaded in the cloud service.

告诉结构控制器的方式是在服务定义文件/服务配置文件中指定证书详细信息(例如证书指纹).您还将告诉您希望Fabric Controller在证书上的哪个证书存储中安装Fabric Controller.

The way you tell it to the Fabric Controller is specifying the certificate details (like certificate thumbprint) in the service definition file/service configuration file. You would also tell in which certificate store on the Cloud Service VM you would want Fabric Controller to install the certificate.

一旦Fabric Controller获得此信息，在创建VM时，它将转到已在云服务中上载的证书，根据指纹找到匹配的证书，并将该证书安装在您的Cloud Service VM中.由于您没有在服务定义/配置文件中指定此名称，因此该证书从未安装在您的Cloud Services VM上.

Once Fabric Controller gets this information, at the time of VM creation it goes to the certificates already uploaded in the cloud service, finds matching certificate based on the thumbprint and installs that certificate in your Cloud Service VMs. Since you didn't specify this in the service definition/configuration file, the certificate was never installed on your Cloud Services VM.

这篇关于如何在Azure上部署的云服务上引用x.509证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！