I've been trying to upload some Let's Encrypt certificates to Azure AKS, but I've run into a few problems...
The documentation here suggests I only need to supply the certificate name and the certificate bytes... When I try that, I get:
In [176]: x = c.import_certificate('le-test-cert', bcert)
AttributeError: 'NoneType' object has no attribute '_to_certificate_policy_bundle'
and when I try it with a certificate policy. I tried both of these:
In [180]: p = CertificatePolicy('Unknown', subject='CN=devtest.<removed>.com')
In [181]: x = c.import_certificate('le-test-cert', bcert, policy=p)
HttpResponseError: (BadParameter) Property policy has invalid value
and
In [183]: p = CertificatePolicy.get_default()
In [184]: x = c.import_certificate('le-test-cert', bcert, policy=p)
HttpResponseError: (BadParameter) Property policy has invalid value
Finally, I tried uploading a certificate through the portal, pulling it back down with the SDK and taking the generated policy. With that policy I was able to upload a certificate again... but when I try to use that policy to build a new one, I keep getting the same "BadParameter".
In [186]: x = c.get_certificate('manual-test')
In [187]: x = c.import_certificate('2le-test-cert', bcert, policy=x.policy)
Readonly attribute created will be ignored in class <class 'azure.keyvault.certificates._shared._generated.v7_0.models._models_py3.CertificateAttributes'>
Readonly attribute updated will be ignored in class <class 'azure.keyvault.certificates._shared._generated.v7_0.models._models_py3.CertificateAttributes'>
However, when I try to use that policy to build a new policy, I keep getting the same "BadParameter"... Does anyone know of a working example of how to do this? Or does anyone see where I'm going wrong?
Thank you
Based on my testing, when we import a certificate into Azure Key Vault we need to tell Key Vault the type of the certificate (pfx or pem). So we need to specify content_type in the CertificatePolicy.
For example:
import os
import OpenSSL.crypto
from azure.identity import ClientSecretCredential
from azure.keyvault.certificates import CertificateClient, CertificatePolicy

# get pfx file content
pfx = open('E:\\mycert.pfx', 'rb').read()

# get the Common Name field of the subject
# (load_pkcs12 is deprecated in recent pyOpenSSL releases)
pfxPassword = b'Password0123!'
p12 = OpenSSL.crypto.load_pkcs12(pfx, pfxPassword)
cert = p12.get_certificate()
subject = cert.get_subject()
issued_to = subject.CN

# service principal credentials; the environment variable names are placeholders
token_credential = ClientSecretCredential(
    tenant_id=os.environ['AZURE_TENANT_ID'],
    client_id=os.environ['AZURE_CLIENT_ID'],
    client_secret=os.environ['AZURE_CLIENT_SECRET'],
)
client = CertificateClient('https://testsql08.vault.azure.net/', token_credential)

# content_type tells Key Vault that the bytes are a PFX (PKCS#12) file
cert_policy = CertificatePolicy(
    issuer_name="Unknown",
    subject="CN=" + issued_to,
    content_type="application/x-pkcs12"
)
result = client.import_certificate(
    certificate_name='test14578', certificate_bytes=pfx, policy=cert_policy,
    password=pfxPassword.decode('utf-8')
)
print(result.id)
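The question is about Let's Encrypt output, which is PEM rather than PFX, so the policy needs content_type "application/x-pem-file" and the bundle must carry the private key as well as the chain. The following is an added example, not the answerer's code: it sniffs the content type from the bytes, checks a PEM bundle for the key, and builds the policy arguments; the vault URL, certificate name, subject and the sample PEM blobs are constructed placeholders.

```python
import re

PEM_CONTENT_TYPE = "application/x-pem-file"
PKCS12_CONTENT_TYPE = "application/x-pkcs12"
_PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def detect_content_type(data: bytes) -> str:
    """Pick the Key Vault content_type from the raw certificate bytes.
    PEM is text starting with a '-----BEGIN' header; a PFX/PKCS#12 file is
    DER-encoded ASN.1, which always begins with a SEQUENCE tag (0x30)."""
    head = data.lstrip()
    if head.startswith(b"-----BEGIN "):
        return PEM_CONTENT_TYPE
    if head[:1] == b"\x30":
        return PKCS12_CONTENT_TYPE
    raise ValueError("neither a PEM bundle nor a PKCS#12 file")


def pem_has_private_key(data: bytes) -> bool:
    """Key Vault only imports a PEM bundle that holds the private key next to
    the certificate; certbot writes them to separate files (fullchain.pem and
    privkey.pem), so uploading the chain alone is rejected."""
    labels = set(_PEM_LABEL.findall(data))
    return b"CERTIFICATE" in labels and any(l.endswith(b"PRIVATE KEY") for l in labels)


def pem_bundle(fullchain: bytes, privkey: bytes) -> bytes:
    """Join certbot's two PEM files into the single bundle Key Vault expects."""
    return fullchain.rstrip(b"\r\n") + b"\n" + privkey.rstrip(b"\r\n") + b"\n"


def build_policy_kwargs(data: bytes, subject: str) -> dict:
    """Keyword arguments for CertificatePolicy; subject must match the cert's CN."""
    content_type = detect_content_type(data)
    if content_type == PEM_CONTENT_TYPE and not pem_has_private_key(data):
        raise ValueError("PEM bundle must contain the certificate and its private key")
    return {"issuer_name": "Unknown", "subject": subject, "content_type": content_type}


def import_to_key_vault(vault_url, name, data, subject, credential, password=None):
    """Run the import with the SDK (imported lazily so the helpers work offline)."""
    from azure.keyvault.certificates import CertificateClient, CertificatePolicy
    client = CertificateClient(vault_url, credential)
    policy = CertificatePolicy(**build_policy_kwargs(data, subject))
    return client.import_certificate(name, data, policy=policy, password=password)


# Constructed stand-ins for certbot's output; real files carry base64 DER bodies.
FULLCHAIN = b"-----BEGIN CERTIFICATE-----\nMIIBconstructed\n-----END CERTIFICATE-----\n"
PRIVKEY = b"-----BEGIN PRIVATE KEY-----\nMIIEconstructed\n-----END PRIVATE KEY-----\n"
```

A PEM import takes no password, so `import_to_key_vault(vault_url, "le-test-cert", pem_bundle(FULLCHAIN, PRIVKEY), "CN=devtest.example.com", credential)` is the whole call for the Let's Encrypt case.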