Azure API Management SSL certificate must have a private key


I have been working on deploying Azure API Management with a self-signed certificate and its private key.

Needless to say, I tested my Terraform code a few days ago and everything worked: I was able to deploy my infrastructure with Terraform, so I deleted the resource group from the portal. Today I wanted to bring the infrastructure up again, but I get the following error:

Error: creating/updating API Management Service "demo-apim-testing" (Resource Group "rg-testing-apim"): apimanagement.ServiceClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameters" Message="Invalid parameter: Certificate 'XXXXXXXX' must have a Private Key."

The error points to this resource:

resource "azurerm_api_management" "demo-apim" {
  name     = "demo-apim-test"
  sku_name = "Developer_1"

  hostname_configuration {
    proxy {
      host_name                    = "apim.test.com"
      # .cer file: an X.509 certificate without the private key
      certificate                  = filebase64(var.ssl_certificate_path)
      certificate_password         = var.ssl_certificate_password
      default_ssl_binding          = true
      negotiate_client_certificate = false
    }
  }
}

I did generate the certificates (.cer and .pfx) and set them as variables:

variable "ssl_certificate_path" {
  default = "./certificate.cer"
}

variable "pfx_certificate" {
  default = "./certificate.pfx"
}

variable "ssl_certificate_password" {
  default = "XXXXX"
}

In my Application Gateway I set up the same configuration, as follows:

  ssl_certificate {
    data     = filebase64(var.pfx_certificate)
    name     = "demo-app-gateway-certificate"
    password = var.ssl_certificate_password
  }

  trusted_root_certificate {
    data = filebase64(var.ssl_certificate_path)
    name = "demo-trusted-root-ca-certificate"
  }

The same configuration returned successful on my latest deployment, and I was able to test the connection and everything. But today it no longer recognizes my certificate.

Can anyone tell me what I am doing wrong here?

If you need more details or have any questions, please feel free to ask. Many thanks.

Since the certificate block accepts either a base64-encoded PFX or a base64-encoded X.509 certificate,

you can use the following:

certificate = filebase64(var.pfx_certificate)

instead of

certificate = filebase64(var.ssl_certificate_path)

So the final code should look like this:

resource "azurerm_api_management" "demo-apim" {
  name     = "demo-apim-test"
  sku_name = "Developer_1"

  hostname_configuration {
    proxy {
      host_name                    = "apim.test.com"
      # .pfx file: certificate bundled with its private key (PKCS#12)
      certificate                  = filebase64(var.pfx_certificate)
      certificate_password         = var.ssl_certificate_password
      default_ssl_binding          = true
      negotiate_client_certificate = false
    }
  }
}
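The root cause in both the question and the answer is that a `.cer` file only carries the public X.509 certificate, while the API Management proxy hostname needs the private key that a PKCS#12 `.pfx` bundle contains. The following script, added here as an example and not part of the question or the answer, checks a file before it is referenced from `filebase64()` in Terraform: it generates a self-signed certificate and its `.pfx` as constructed test material, then verifies which of the two files actually holds a private key. It assumes `openssl` is on the PATH; the function and file names are the example's own.

```shell
#!/bin/sh
# Pre-flight check for the Terraform hostname_configuration certificate:
# does the file you are about to pass to filebase64() contain a private key?
set -eu

# has_private_key FILE [PASSWORD]
# Exit status 0 if FILE carries a private key, non-zero otherwise.
has_private_key() {
    file="$1"; pass="${2:-}"
    if head -c 30 "$file" | grep -q -- '-----BEGIN'; then
        # PEM input: a bare X.509 certificate (.cer) has no PRIVATE KEY block
        grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$file"
    else
        # Binary input, assumed to be PKCS#12 (.pfx): dump only the key bags
        # and see whether any private key comes out. -nodes keeps the dumped
        # key unencrypted so the PEM header is recognizable.
        openssl pkcs12 -in "$file" -nocerts -nodes -passin "pass:$pass" 2>/dev/null \
            | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
    fi
}

# make_test_material DIR PASSWORD
# Constructed test data: a one-day self-signed certificate for apim.test.com,
# written as certificate.cer (public only) and certificate.pfx (with key).
make_test_material() {
    dir="$1"; pass="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=apim.test.com" \
        -keyout "$dir/certificate.key" -out "$dir/certificate.cer" 2>/dev/null
    openssl pkcs12 -export \
        -inkey "$dir/certificate.key" -in "$dir/certificate.cer" \
        -out "$dir/certificate.pfx" -passout "pass:$pass"
}

# Usage when run directly: report on both files the question references.
if [ "${RUN_CHECK_DEMO:-0}" = "1" ]; then
    workdir="$(mktemp -d)"
    make_test_material "$workdir" "XXXXX"
    for f in certificate.cer certificate.pfx; do
        if has_private_key "$workdir/$f" "XXXXX"; then
            echo "$f: has a private key (usable for hostname_configuration)"
        else
            echo "$f: no private key (APIM will reject it)"
        fi
    done
fi
```

Run with `RUN_CHECK_DEMO=1 sh check_cert.sh` to see the report. The same `has_private_key` check can be pointed at the real files behind `var.ssl_certificate_path` and `var.pfx_certificate`; only the one that passes belongs in the `certificate` argument, and the `certificate_password` must match the password the PFX was exported with, or the key bags cannot be opened.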