Question:

Getting "Bad Request" or "NoRegisteredProviderFound" error when deploying a Key Vault certificate (self-signed) to a web app

海信鸥
2023-03-14
Vault Name : MyKeyVaultTest

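Resource ID: /subscriptions/******-*****-*****-******-******-*******/ResourceGroups/XXX-YYY-ZZZ/Providers/Microsoft.KeyVault/Vaults/MyKeyVaultTest
Access policies:
Tenant ID: d29bcd12-3280-4f37-b8f2-6e9e2f581472
Object ID: daccd2fd-835a-4c03-8336-c5fcf481f3cc
Application ID: 172F36FC-A098-47A1-9C83-04016D3E9781
Permissions to Keys: Recover, Backup, Restore, Decrypt, Encrypt, UnwrapKey, WrapKey, Verify, Sign, Purge
Permissions to Secrets: Get, List, Set, Delete, Recover, Backup, Restore, Purge
Permissions to Certificates: Get, List, Update, Create, Import, Delete, ManageContacts, ManageIssuers, GetIssuers, ListIssuers, DeleteIssuers
Permissions to (Key Vault Managed) Storage: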

Created a self-signed certificate using the PowerShell script below -

$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname XXXXXXXtechmahindra.onmicrosoft.com
$pwd = ConvertTo-SecureString -String 'XXXXXX@1234@' -Force -AsPlainText
$path = 'cert:\localmachine\my\' + $cert.thumbprint 
Export-PfxCertificate -cert $path -FilePath c:\temp\cert.pfx -Password $pwd

Added the same certificate to Key Vault and got a secret named "MyKeyVaultTestWebAppPK" with the content type "Application/x-PKCS12".

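Then enabled ARMClient and executed the scripts below to deploy the Key Vault certificate into the web app "MyKeyVaultTestWebApp", where the errors occurred. The scripts and errors are as follows -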

1. Script without changing the API version:

ARMClient.exe PUT /subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/certificates/keyvaultcertificate?api-version=2016-03-01 "{'Location':'SouthCentralUS','Properties':{'KeyVaultId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.KeyVault/vaults/MyKeyVaultTest', 'KeyVaultSecretName':'mykeyvaulttestwebappPK', 'serverFarmId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/serverfarms/MyKeyVaultTestWebAppServicePlan'}}"

"Code": "BadRequest",
"Message": "The service does not have access to '/subscriptions/*****-*****-*****-*****-**********/resourcegroups/rg-scotia-scale-test/providers/microsoft.keyvault/vaults/mykeyvaulttest' Key Vault. Please make sure that you have granted necessary permissions to the service to perform the request operation."

2. Script with the Serverfarm’s API version:

ARMClient.exe PUT /subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/certificates/keyvaultcertificate?api-version=2016-09-01 "{'Location':'SouthCentralUS','Properties':{'KeyVaultId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.KeyVault/vaults/MyKeyVaultTest', 'KeyVaultSecretName':'mykeyvaulttestwebappPK', 'serverFarmId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/serverfarms/MyKeyVaultTestWebAppServicePlan'}}"

"code": "NoRegisteredProviderFound",
"message": "No registered resource provider found for location 'SouthCentralUS' and API version '2016-09-01' for type 'certificates'.


3. Script with the Key-Vault’s API version:

ARMClient.exe PUT /subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/certificates/keyvaultcertificate?api-version=2015-06-01 "{'Location':'SouthCentralUS','Properties':{'KeyVaultId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.KeyVault/vaults/MyKeyVaultTest', 'KeyVaultSecretName':'mykeyvaulttestwebappPK', 'serverFarmId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/serverfarms/MyKeyVaultTestWebAppServicePlan'}}"

"Code": "BadRequest",
"Message": "The service does not have access to '/subscriptions/*****-*****-*****-*****-**********/resourcegroups/rg-scotia-scale-test/providers/microsoft.keyvault/vaults/mykeyvaulttest' Key Vault. Please make sure that you have granted necessary permissions to the service to perform the request operation."

[Note: Referred to "https://blogs.msdn.microsoft.com/appserviceteam/2016/05/24/deploying-azure-web-app-certification-through-key-vault/" for implementing the changes]

1 answer

汤才捷
2023-03-14

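Based on your error message, I guess you may not have enabled the "Microsoft.Web" resource provider to access the Azure Key Vault directly.

So you run into the error about having enough permission to access the Key Vault.

I suggest you follow the PowerShell code below to enable that permission.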

Login-AzureRmAccount 
Set-AzureRmContext -SubscriptionId AZURE_SUBSCRIPTION_ID 
Set-AzureRmKeyVaultAccessPolicy -VaultName KEY_VAULT_NAME -ServicePrincipalName abfa0a7c-a6b6-4736-8310-5855508787cd -PermissionsToSecrets get
ARMClient.exe PUT /subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/certificates/keyvaultcertificate?api-version=2016-03-01 "{'Location':'SouthCentralUS','Properties':{'KeyVaultId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.KeyVault/vaults/MyKeyVaultTest', 'KeyVaultSecretName':'mykeyvaulttestwebappPK', 'serverFarmId':'/subscriptions/*****-*****-*****-*****-**********/resourceGroups/XXX-YYY-ZZZ/providers/Microsoft.Web/serverfarms/MyKeyVaultTestWebAppServicePlan'}}"
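
Added example, not part of the original answer: an offline PowerShell check for the condition the answer points to, run over constructed objects shaped like the AccessPolicies entries that Get-AzureRmKeyVault returns. The function name Test-SecretGetPolicy and the all-zero object ID are hypothetical placeholders.

```powershell
# Added example: checks whether a given principal has a vault access policy
# that allows 'get' on secrets, and lists anything granted beyond that.
function Test-SecretGetPolicy {
    param(
        [Parameter(Mandatory)] [object[]] $AccessPolicies,
        [Parameter(Mandatory)] [string]   $ObjectId
    )
    # Access policies are keyed by the principal's directory object ID.
    $policy  = @($AccessPolicies | Where-Object { $_.ObjectId -eq $ObjectId })
    $secrets = @($policy | ForEach-Object { $_.PermissionsToSecrets })
    [pscustomobject]@{
        ObjectId               = $ObjectId
        HasPolicy              = ($policy.Count -gt 0)
        CanGetSecret           = ($secrets -contains 'get')
        # Anything besides 'get' is more than the answer's command grants.
        ExtraSecretPermissions = @($secrets | Where-Object { $_ -ne 'get' })
    }
}

# Placeholder object ID (constructed). On a live tenant it is the Id returned by
#   Get-AzureRmADServicePrincipal -ServicePrincipalName abfa0a7c-a6b6-4736-8310-5855508787cd
$rpObjectId = '00000000-0000-0000-0000-000000000000'

# Constructed sample: the vault as the question lists it, where the only
# access policy belongs to the asker's own object ID.
$before = @(
    [pscustomobject]@{
        ObjectId             = 'daccd2fd-835a-4c03-8336-c5fcf481f3cc'
        PermissionsToSecrets = @('get', 'list', 'set', 'delete',
                                 'recover', 'backup', 'restore', 'purge')
    }
)

# Constructed sample: the same vault after the answer's
# Set-AzureRmKeyVaultAccessPolicy ... -PermissionsToSecrets get
$after = $before + [pscustomobject]@{
    ObjectId             = $rpObjectId
    PermissionsToSecrets = @('get')
}

# Compare the resource provider's access before and after the change.
Test-SecretGetPolicy -AccessPolicies $before -ObjectId $rpObjectId
Test-SecretGetPolicy -AccessPolicies $after  -ObjectId $rpObjectId
```

Against a real vault, pass (Get-AzureRmKeyVault -VaultName KEY_VAULT_NAME).AccessPolicies as -AccessPolicies before issuing the ARMClient PUT.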