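I've been trying to put together a series of operations around creating and refreshing AD service principals and applications. The flow I'm having problems with is:
- Get a certificate from Azure Key Vault
- Create a service principal (and application) using the certificate for authentication.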
PS > Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
Name : CertName
Certificate : [Subject]
CN=certName.foo.com
[Issuer]
CN=certName.foo.com
[Serial Number]
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Not Before]
6/2/2017 5:41:26 PM
[Not After]
6/2/2018 5:51:26 PM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Id : https://certs.vault.azure.net:443/certificates/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
KeyId : https://certs.vault.azure.net:443/keys/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SecretId : https://certs.vault.azure.net:443/secrets/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags : {[Thumbprint, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]}
Enabled : True
Created : 6/3/2017 2:11:31 AM
Updated : 6/3/2017 2:11:31 AM
PS > New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $cert.Certificate.GetEffectiveDateString() -EndDate $cert.Certificate.GetExpirationDateString()
New-AzureRmADServicePrincipal : Key credential start date is invalid.
At line:1 char:1
+ New-AzureRmADServicePrincipal -DisplayName "Cert access" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-AzureRmADServicePrincipal], Exception
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Azure.Commands.ActiveDirectory.NewAzureADServicePrincipalCommand
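Why am I getting "Key credential start date is invalid"?
According to your error log, it seems the time format is wrong. I suggest you use [System.DateTime]::Now to set the time. I tested this in my lab and did not get your error; the following script works for me. I suggest you test it.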
##import certificate to key vault
$Password = ConvertTo-SecureString -String "*******" -AsPlainText -Force
Import-AzureKeyVaultCertificate -VaultName "shuikey" -Name "ImportCert01" -FilePath "C:\shui.pfx" -Password $Password
##set start time and expire time
$now = [System.DateTime]::Now
$yearfromnow = $now.AddYears(1)
##Get certificate from key vault
$cert=Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $now -EndDate $yearfromnow
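Added example, not part of the original question or answer: a hypothetical helper, Get-CredentialWindow, that derives -StartDate and -EndDate as DateTime objects from the certificate's NotBefore/NotAfter properties instead of from formatted date strings, and keeps the credential window inside the certificate's validity period. That the directory expects the window to lie within the validity period is an assumption here; the 365-day cap and the sample dates are constructed.

```powershell
# Hypothetical helper (added example, not from the thread).
function Get-CredentialWindow {
    param(
        [Parameter(Mandatory)] [datetime] $NotBefore,   # certificate validity start
        [Parameter(Mandatory)] [datetime] $NotAfter,    # certificate validity end
        [datetime] $AsOf = [datetime]::UtcNow,          # injectable clock for testing
        [int] $MaxDays = 365                            # assumed rotation policy
    )
    # Compare in UTC so locale-specific date formatting never enters the picture.
    $nb  = $NotBefore.ToUniversalTime()
    $na  = $NotAfter.ToUniversalTime()
    $ref = $AsOf.ToUniversalTime()

    # Refuse to register a credential for a certificate that is already expired.
    if ($ref -ge $na) { throw "Certificate expired at $($na.ToString('o'))" }

    # Start: the later of the reference time and NotBefore.
    $start = if ($ref -gt $nb) { $ref } else { $nb }
    # End: the earlier of NotAfter and start + MaxDays, so the credential
    # never outlives the certificate it is bound to.
    $cap = $start.AddDays($MaxDays)
    $end = if ($cap -lt $na) { $cap } else { $na }

    [pscustomobject]@{ StartDate = $start; EndDate = $end }
}

# Constructed sample: the validity dates shown in the question, read as UTC.
$nb = [datetime]::Parse('2017-06-02T17:41:26Z')
$na = [datetime]::Parse('2018-06-02T17:51:26Z')
$w  = Get-CredentialWindow -NotBefore $nb -NotAfter $na `
          -AsOf ([datetime]::Parse('2017-06-03T02:30:00Z'))
'{0:o} -> {1:o}' -f $w.StartDate, $w.EndDate

# With the Key Vault certificate ($cert assigned as in the answer's script):
# $w = Get-CredentialWindow -NotBefore $cert.Certificate.NotBefore `
#                           -NotAfter  $cert.Certificate.NotAfter
# New-AzureRmADServicePrincipal -DisplayName "Cert access" `
#     -CertValue ([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) `
#     -StartDate $w.StartDate -EndDate $w.EndDate
```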