如何存储PFX证书在Azure中的关键库？ [英] How to store pfx certificate in Azure Key Vault ?

问题描述

所以我有一堆字符串和PFX证书，我想在Azure中的关键跳马只允许用户存储/应用程序将能够得到它。它不是很难做琴弦 - 只需创建一个秘密，但我怎么可以存储在这样的方式证明，我可以检索和初始化它作为一个 <一个href=\"https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx\"相对=nofollow> X509Certificate2 对象在C＃中？

So i have bunch of strings and pfx certificates i want to store in Azure Key vault that only allowed users/apps will be able to get it. Its not hard to do with the strings - just create a secret, but how can i store certificate in such way that i could retrieve it and initialize it as a X509Certificate2 object in C#?

我试着将它存储作为重点。这里是Azure的PowerShell的code

I tried to store it as a key. here is Azure powershell code

$securepfxpwd = ConvertTo-SecureString -String 'superSecurePassword' -AsPlainText -Force
$key = Add-AzureKeyVaultKey -VaultName 'UltraVault' -Name 'MyCertificate' -KeyFilePath 'D:\Certificates\BlaBla.pfx' -KeyFilePassword $securepfxpwd

但是，当我试图把它的 GetKeyAsync 方式，我可以真正使用它。

But when i tried to get it with GetKeyAsync method, i could really use it.

谁能帮助？

推荐答案

下面是给你一个PowerShell脚本。替换文件路径，密码，保管库的名称，秘密名字。

Here's a PowerShell script for you. Replace the file path, password, vault name, secret name.

$pfxFilePath = 'C:\mycert.pfx'
$pwd = '123'
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
$collection.Import($pfxFilePath, $pwd, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText –Force
$secretContentType = 'application/x-pkcs12'
Set-AzureKeyVaultSecret -VaultName 'myVaultName' -Name 'mySecretName' -SecretValue $Secret -ContentType $secretContentType

这是一个常见的​​问题，所以我们要擦亮这个和释放作为帮手。

This is a common question, so we are going to polish this up and release as a helper.

由于在有保护的PFX密码，然后保存下一个密码它有没有价值上面的脚本剥离的密码。

The script above strips the password because there's no value in having a password protected PFX and then storing the password next to it.

这篇关于如何存储PFX证书在Azure中的关键库？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！