使用 .pfx 证书时出现证书身份验证错误的 Azure APIM
Azure APIM with certificate authentication error using .pfx certificate
大家好
我在使用 InBound 策略配置 APIm 操作时遇到问题,该策略处理对远程端点的调用。我已经保存了由外部服务提供给我并在策略中使用指纹的证书。远程端点使用证书验证请求。
<policies>
<inbound>
<base />
<send-request mode="new" response-variable-name="result" timeout="300" ignore-error="false">
<set-url>https://ip:port/path</set-url>
<set-method>POST</set-method>
<set-header name="Accept" exists-action="override">
<value>*/*</value>
</set-header>
<set-header name="Content-Type" exists-action="override">
<value>application/xml</value>
</set-header>
<set-body>@(context.Request.Body.As<string>())</set-body>
<authentication-certificate thumbprint="thubprint" password="password" />
</send-request>
<return-response response-variable-name="result" />
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
但作为响应,我收到 500 错误
send-request (259.918 ms)
{
"messages": [
"Error occured while calling backend service.",
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.",
"The remote certificate is invalid according to the validation procedure."
]
}
先谢谢了。非常感谢任何帮助。
如评论中所述,将要点添加为社区 Wiki 答案,以帮助可能面临类似问题的社区成员。
But as a response I am getting 500 error
- 如果您正在使用 self-signed 证书,您将需要 disable certificate chain validation 以便 API 管理与后端系统通信。否则,它将 return 一个 500 错误代码。
$context = New-AzApiManagementContext -resourcegroup 'ContosoResourceGroup' -servicename 'ContosoAPIMService'
New-AzApiManagementBackend -Context $context -Url 'https://contoso.com/myapi' -Protocol http -SkipCertificateChainValidation $true
注意:截至目前,禁用证书链验证仅适用于 后端策略。
可以参考, Is disabling Validate certificate chain safe? and Protect your APIs with Azure API Management
大家好
我在使用 InBound 策略配置 APIm 操作时遇到问题,该策略处理对远程端点的调用。我已经保存了由外部服务提供给我并在策略中使用指纹的证书。远程端点使用证书验证请求。
<policies>
<inbound>
<base />
<send-request mode="new" response-variable-name="result" timeout="300" ignore-error="false">
<set-url>https://ip:port/path</set-url>
<set-method>POST</set-method>
<set-header name="Accept" exists-action="override">
<value>*/*</value>
</set-header>
<set-header name="Content-Type" exists-action="override">
<value>application/xml</value>
</set-header>
<set-body>@(context.Request.Body.As<string>())</set-body>
<authentication-certificate thumbprint="thubprint" password="password" />
</send-request>
<return-response response-variable-name="result" />
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
但作为响应,我收到 500 错误
send-request (259.918 ms)
{
"messages": [
"Error occured while calling backend service.",
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.",
"The remote certificate is invalid according to the validation procedure."
]
}
先谢谢了。非常感谢任何帮助。
如评论中所述,将要点添加为社区 Wiki 答案,以帮助可能面临类似问题的社区成员。
But as a response I am getting 500 error
- 如果您正在使用 self-signed 证书,您将需要 disable certificate chain validation 以便 API 管理与后端系统通信。否则,它将 return 一个 500 错误代码。
$context = New-AzApiManagementContext -resourcegroup 'ContosoResourceGroup' -servicename 'ContosoAPIMService'
New-AzApiManagementBackend -Context $context -Url 'https://contoso.com/myapi' -Protocol http -SkipCertificateChainValidation $true
注意:截至目前,禁用证书链验证仅适用于 后端策略。
可以参考