使用 Azure CLI 将 SSL 证书从 KeyVault 绑定到 webapp
Bind SSL Certificate from KeyVault to webapp using Azure CLI
我们目前正在使用以下 ARM 模板将 SSL 证书绑定到 WebApp,但我们想迁移到 Azure CLI,但无法在不下载证书的情况下执行此操作。
{
"type": "Microsoft.Web/certificates",
"name": "[variables('certificateName')]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": {
"keyVaultId": "[resourceId(parameters('existingKeyVaultResourceGroup'), 'Microsoft.KeyVault/vaults',parameters('existingKeyVaultId'))]",
"keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverFarms',variables('hostingPlanName'))]"
}
},
{
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[concat(variables('webAppName'), '/', variables('hostname'))]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": {
"sslState": "SniEnabled",
"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName'))).Thumbprint]"
},
"dependsOn": [
"[concat('Microsoft.Web/certificates/',variables('certificateName'))]"
]
}
这是官方的示例脚本site,如果你不想下载它,你应该在你的本地有它。
#!/bin/bash
fqdn=<replace-with-www.{yourdomain}>
pfxPath=<replace-with-path-to-your-.PFX-file>
pfxPassword=<replace-with-your=.PFX-password>
resourceGroup=myResourceGroup
webappname=mywebapp$RANDOM
# Create a resource group.
az group create --location westeurope --name $resourceGroup
# Create an App Service plan in Basic tier (minimum required by custom domains).
az appservice plan create --name $webappname --resource-group $resourceGroup --sku B1
# Create a web app.
az webapp create --name $webappname --resource-group $resourceGroup \
--plan $webappname
echo "Configure a CNAME record that maps $fqdn to $webappname.azurewebsites.net"
read -p "Press [Enter] key when ready ..."
# Before continuing, go to your DNS configuration UI for your custom domain and
follow the
# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for
the
# hostname "www" and point it your web app's default domain name.
# Map your prepared custom domain name to the web app.
az webapp config hostname add --webapp-name $webappname --resource-group
$resourceGroup \
--hostname $fqdn
# Upload the SSL certificate and get the thumbprint.
thumbprint=$(az webapp config ssl upload --certificate-file $pfxPath \
--certificate-password $pfxPassword --name $webappname --resource-group
$resourceGroup \
--query thumbprint --output tsv)
# Binds the uploaded SSL certificate to the web app.
az webapp config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI \
--name $webappname --resource-group $resourceGroup
echo "You can now browse to https://$fqdn"
希望对您有所帮助,如果您还有其他问题,请告诉我。
TLS/SSL --> 私钥证书 --> 导入密钥库证书
任何人都可以分享 arm/script 进行配置。
我们正在申请手动执行,我们需要脚本来执行
我们目前正在使用以下 ARM 模板将 SSL 证书绑定到 WebApp,但我们想迁移到 Azure CLI,但无法在不下载证书的情况下执行此操作。
{
"type": "Microsoft.Web/certificates",
"name": "[variables('certificateName')]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": {
"keyVaultId": "[resourceId(parameters('existingKeyVaultResourceGroup'), 'Microsoft.KeyVault/vaults',parameters('existingKeyVaultId'))]",
"keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverFarms',variables('hostingPlanName'))]"
}
},
{
"type": "Microsoft.Web/sites/hostnameBindings",
"name": "[concat(variables('webAppName'), '/', variables('hostname'))]",
"apiVersion": "2016-03-01",
"location": "[resourceGroup().location]",
"properties": {
"sslState": "SniEnabled",
"thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName'))).Thumbprint]"
},
"dependsOn": [
"[concat('Microsoft.Web/certificates/',variables('certificateName'))]"
]
}
这是官方的示例脚本site,如果你不想下载它,你应该在你的本地有它。
#!/bin/bash
fqdn=<replace-with-www.{yourdomain}>
pfxPath=<replace-with-path-to-your-.PFX-file>
pfxPassword=<replace-with-your=.PFX-password>
resourceGroup=myResourceGroup
webappname=mywebapp$RANDOM
# Create a resource group.
az group create --location westeurope --name $resourceGroup
# Create an App Service plan in Basic tier (minimum required by custom domains).
az appservice plan create --name $webappname --resource-group $resourceGroup --sku B1
# Create a web app.
az webapp create --name $webappname --resource-group $resourceGroup \
--plan $webappname
echo "Configure a CNAME record that maps $fqdn to $webappname.azurewebsites.net"
read -p "Press [Enter] key when ready ..."
# Before continuing, go to your DNS configuration UI for your custom domain and
follow the
# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for
the
# hostname "www" and point it your web app's default domain name.
# Map your prepared custom domain name to the web app.
az webapp config hostname add --webapp-name $webappname --resource-group
$resourceGroup \
--hostname $fqdn
# Upload the SSL certificate and get the thumbprint.
thumbprint=$(az webapp config ssl upload --certificate-file $pfxPath \
--certificate-password $pfxPassword --name $webappname --resource-group
$resourceGroup \
--query thumbprint --output tsv)
# Binds the uploaded SSL certificate to the web app.
az webapp config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI \
--name $webappname --resource-group $resourceGroup
echo "You can now browse to https://$fqdn"
希望对您有所帮助,如果您还有其他问题,请告诉我。
TLS/SSL --> 私钥证书 --> 导入密钥库证书
任何人都可以分享 arm/script 进行配置。
我们正在申请手动执行,我们需要脚本来执行