Azure Key Vault - CertificateClient - import_certificate: (BadParameter) Property policy has invalid value

I've been trying to upload some letsencrypt certificates to Azure AKS, but have run into some problems....

The documentation here: suggests that I only need to supply certificate_name and certificate_bytes. When I try this I get:

In [176]: x = c.import_certificate('le-test-cert', bcert)     
AttributeError: 'NoneType' object has no attribute '_to_certificate_policy_bundle'

Trying with a certificate policy, I've tried both:

In [180]: p = CertificatePolicy('Unknown', subject='CN=devtest.<removed>.com')                                                              
In [181]: x = c.import_certificate('le-test-cert', bcert, policy=p) 
HttpResponseError: (BadParameter) Property policy has invalid value

In [183]: p = CertificatePolicy.get_default()                                                                                               
In [184]: x = c.import_certificate('le-test-cert', bcert, policy=p)        
HttpResponseError: (BadParameter) Property policy has invalid value

Finally I tried uploading a certificate via the portal, pulling it back with the sdk and grabbing the generated policy. Using this policy I was able to upload the certificate again....

In [186]: x = c.get_certificate('manual-test') 
In [187]: x = c.import_certificate('2le-test-cert', bcert, policy=x.policy)                                                       
Readonly attribute created will be ignored in class <class 'azure.keyvault.certificates._shared._generated.v7_0.models._models_py3.CertificateAttributes'>
Readonly attribute updated will be ignored in class <class 'azure.keyvault.certificates._shared._generated.v7_0.models._models_py3.CertificateAttributes'>

However, when trying to generate a new policy using this one, I keep getting the same "BadParameter"... Does anyone have a working example of how to do this? Or know where I'm going wrong?

Thanks

Based on my testing, when we import a certificate into Azure key vault we need to tell key vault the type of the certificate (pfx or pem). So we need to specify content_type in CertificatePolicy.

For example

import os
import OpenSSL.crypto
from azure.identity import ClientSecretCredential
from azure.keyvault.certificates import CertificateClient, CertificatePolicy

# get pfx file content (raw string so the backslash is not treated as an escape)
pfx = open(r'E:\mycert.pfx', 'rb').read()
# get the Common Name field of the subject
pfxPassword = b'Password0123!'
p12 = OpenSSL.crypto.load_pkcs12(pfx, pfxPassword)
cert = p12.get_certificate()
subject = cert.get_subject()
issued_to = subject.CN

# service principal credentials; the environment variable names are an assumption
token_credential = ClientSecretCredential(
    tenant_id=os.environ['AZURE_TENANT_ID'],
    client_id=os.environ['AZURE_CLIENT_ID'],
    client_secret=os.environ['AZURE_CLIENT_SECRET'],
)
client = CertificateClient('https://testsql08.vault.azure.net/', token_credential)

# content_type tells Key Vault the blob is PKCS#12; the password is the one the pfx was exported with
cert_policy = CertificatePolicy(
    issuer_name="Unknown",
    subject="CN=" + issued_to,
    content_type="application/x-pkcs12"
)
result = client.import_certificate(
    certificate_name='test14578', certificate_bytes=pfx, policy=cert_policy, password=pfxPassword.decode('utf-8')
)
print(result.id)
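The answer above covers a PFX file; the question is about Let's Encrypt certificates, which are issued as PEM files and need a different content_type. The following is an added example (not code from the question or the answer) that picks the Key Vault content_type from the certificate bytes and assembles the arguments for import_certificate. It runs without the Azure SDK: the policy is returned as a plain dict whose keys match the CertificatePolicy constructor arguments used above; the sample PEM blob is constructed and is not a real certificate.

```python
from typing import Optional

# Values Key Vault accepts for CertificatePolicy.content_type (the same strings
# azure.keyvault.certificates.CertificateContentType exposes as pkcs12 and pem).
PKCS12 = "application/x-pkcs12"
PEM = "application/x-pem-file"


def detect_content_type(data: bytes) -> str:
    """Return the Key Vault content_type for a certificate blob.

    A PEM file is ASCII armoured and starts with a '-----BEGIN' header;
    a PFX/PKCS#12 file is DER-encoded and starts with a SEQUENCE tag (0x30).
    """
    stripped = data.lstrip()
    if stripped.startswith(b"-----BEGIN"):
        return PEM
    if stripped[:1] == b"\x30":
        return PKCS12
    raise ValueError("blob is neither PEM nor PKCS#12")


def pem_has_private_key(data: bytes) -> bool:
    """Key Vault only imports a PEM file that carries the private key next to
    the certificate. Let's Encrypt writes cert.pem and privkey.pem separately,
    so they have to be concatenated into one blob before import."""
    return b"PRIVATE KEY-----" in data


def build_import_kwargs(data: bytes, subject_cn: str,
                        password: Optional[str] = None) -> dict:
    """Assemble keyword arguments for CertificateClient.import_certificate.

    'policy' is a dict so this runs offline; in real code pass it as
    CertificatePolicy(**kwargs["policy"]). Raises ValueError for a PEM blob
    without its private key, which Key Vault would reject anyway.
    """
    content_type = detect_content_type(data)
    if content_type == PEM and not pem_has_private_key(data):
        raise ValueError("PEM import needs the private key in the same file")
    kwargs = {
        "certificate_bytes": data,
        "policy": {
            "issuer_name": "Unknown",       # certificate issued outside Key Vault
            "subject": "CN=" + subject_cn,
            "content_type": content_type,
        },
    }
    if content_type == PKCS12 and password is not None:
        kwargs["password"] = password       # password the PFX was exported with
    return kwargs


# Constructed sample input: a PEM certificate block followed by its key block.
# The base64 payload is a placeholder, not a real certificate.
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    b"MIIBplaceholdercertificatebody\n"
    b"-----END CERTIFICATE-----\n"
    b"-----BEGIN PRIVATE KEY-----\n"
    b"MIIEplaceholderkeybody\n"
    b"-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    kwargs = build_import_kwargs(SAMPLE_PEM, "devtest.example.com")
    print(kwargs["policy"])
```

For the question's case the call becomes `c.import_certificate('le-test-cert', **build_import_kwargs(pem_bytes, cn))` once the policy dict is wrapped in `CertificatePolicy(...)`; for a PFX the same helper selects `application/x-pkcs12` and forwards the password.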