如何通过 Azure ARM 模板将证书上传到应用程序网关
How to upload a certificate to Application gateway through Azure ARM Template
我正在尝试通过 ARM 模板脚本将证书上传到应用程序网关,该如何通过 ARM 脚本实现?下面是我的脚本:
// Backend HTTP settings as posted in the question: one HTTP entry (port 80) and two HTTPS entries (ports 8443 and 7443).
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
// NOTE(review): with "Http" this entry carries gateway-to-backend traffic unencrypted.
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
},
{
"name": "httpssettings",
// NOTE(review): "etag" and "provisioningState" look copied from an exported resource (both HTTPS entries carry the same etag); Azure normally sets them, so confirm they belong in an authored template.
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 8443,
"protocol": "Https",
"cookieBasedAffinity": "Enabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
// NOTE(review): "id" is expected to be the resource ID of an entry in the gateway's authenticationCertificates collection, not the certificate content; the base64 certificate goes in that entry's "data" property.
"authenticationCertificates": [
{
"id": "[parameters('sslCertData')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
},
{
"name": "scalablehttpsettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 7443,
"protocol": "Https",
"cookieBasedAffinity": "Enabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
// Same "id" issue as in "httpssettings": a parameter holding certificate data is used where a resource ID is expected.
"authenticationCertificates": [
{
"id": "[parameters('sslCertData')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
}
],
我想知道如何把证书路径传给 authenticationCertificates 下的 parameters('sslCertData')。有人能帮帮我吗?
PS:证书为.cer格式
不能直接这样做。您需要先把证书转换为 base64,再以 base64 字符串的形式传给应用程序网关。另外,我相当确定 .cer 不能用于侦听器,只能用于后端身份验证(即端到端 SSL)。可用示例如下:
// NOTE(review): a .pfx contains the private key. Pass "data" and "password" in through parameters of type "securestring" (for example resolved from a Key Vault reference in the parameter file) rather than literal values stored with the template.
"sslCertificates": [ // these certificates can be used for listeners
{
"name": "offloadCertificate",
"properties": {
"data": "base64_value_of_.pfx",
"password": "password_for_.pfx"
}
}
],
// A .cer normally carries only the public certificate, so no password is needed here; "name" is what backend HTTP settings point at through the certificate's resource ID.
"authenticationCertificates": [ // these only for end-to-end ssl
{
"name": "authenticationCertificate",
"properties": {
"data": "base64_value_of_.cer"
}
}
]
Declare the certificate as a parameter and reference it as shown below. It works like a charm.
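// Parameter declaration (belongs in the template's "parameters" section): the backend's .cer
// certificate as base64 text. The original snippet was missing the comma after "defaultValue".
"httpscertificate": {
  "defaultValue": "Base64 converted value",
  "type": "string"
},
// Gateway property that uploads the certificate. "name" is the last segment of the resource ID
// that backendHttpSettingsCollection entries put in their authenticationCertificates "id".
"authenticationCertificates": [
  {
    "name": "Appgatewaybackendcert",
    "properties": {
      "data": "[parameters('httpscertificate')]"
    }
  }
],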
// Backend HTTP settings from the answer: the HTTPS entries reference the uploaded certificate by resource ID instead of embedding certificate data.
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
// NOTE(review): with "Http" this entry carries gateway-to-backend traffic unencrypted.
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
},
{
"name": "nonscalablehttpssettings",
// NOTE(review): "etag" and "provisioningState" look copied from an exported resource; Azure normally sets them, so confirm they belong in an authored template.
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 8443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
// NOTE(review): the last path segment ('checkpointsystems') has to equal the "name" of an authenticationCertificates entry on this gateway; the declaration shown with this answer names it "Appgatewaybackendcert", so confirm the names line up.
// variables('applicationGatewayID') is presumably the gateway's own resource ID; it is not defined in this snippet.
"Id": "[concat(variables('applicationGatewayID'), '/authenticationCertificates/checkpointsystems')]" //appGatewayBackendCert
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
},
{
"name": "scalablehttpsettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 7443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
// References the same certificate entry as "nonscalablehttpssettings".
"Id": "[concat(variables('applicationGatewayID'), '/authenticationCertificates/checkpointsystems')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
}
],
我正在尝试通过 ARM 模板脚本将证书上传到应用程序网关,该如何通过 ARM 脚本实现?下面是我的脚本:
// Backend HTTP settings as posted in the question: one HTTP entry (port 80) and two HTTPS entries (ports 8443 and 7443).
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
// NOTE(review): with "Http" this entry carries gateway-to-backend traffic unencrypted.
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
},
{
"name": "httpssettings",
// NOTE(review): "etag" and "provisioningState" look copied from an exported resource (both HTTPS entries carry the same etag); Azure normally sets them, so confirm they belong in an authored template.
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 8443,
"protocol": "Https",
"cookieBasedAffinity": "Enabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
// NOTE(review): "id" is expected to be the resource ID of an entry in the gateway's authenticationCertificates collection, not the certificate content; the base64 certificate goes in that entry's "data" property.
"authenticationCertificates": [
{
"id": "[parameters('sslCertData')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
},
{
"name": "scalablehttpsettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 7443,
"protocol": "Https",
"cookieBasedAffinity": "Enabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
// Same "id" issue as in "httpssettings": a parameter holding certificate data is used where a resource ID is expected.
"authenticationCertificates": [
{
"id": "[parameters('sslCertData')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
}
],
我想知道如何把证书路径传给 authenticationCertificates 下的 parameters('sslCertData')。有人能帮帮我吗?
PS:证书为.cer格式
不能直接这样做。您需要先把证书转换为 base64,再以 base64 字符串的形式传给应用程序网关。另外,我相当确定 .cer 不能用于侦听器,只能用于后端身份验证(即端到端 SSL)。可用示例如下:
// NOTE(review): a .pfx contains the private key. Pass "data" and "password" in through parameters of type "securestring" (for example resolved from a Key Vault reference in the parameter file) rather than literal values stored with the template.
"sslCertificates": [ // these certificates can be used for listeners
{
"name": "offloadCertificate",
"properties": {
"data": "base64_value_of_.pfx",
"password": "password_for_.pfx"
}
}
],
// A .cer normally carries only the public certificate, so no password is needed here; "name" is what backend HTTP settings point at through the certificate's resource ID.
"authenticationCertificates": [ // these only for end-to-end ssl
{
"name": "authenticationCertificate",
"properties": {
"data": "base64_value_of_.cer"
}
}
]
Declare the certificate as a parameter and reference it as shown below. It works like a charm.
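// Parameter declaration (belongs in the template's "parameters" section): the backend's .cer
// certificate as base64 text. The original snippet was missing the comma after "defaultValue".
"httpscertificate": {
  "defaultValue": "Base64 converted value",
  "type": "string"
},
// Gateway property that uploads the certificate. "name" is the last segment of the resource ID
// that backendHttpSettingsCollection entries put in their authenticationCertificates "id".
"authenticationCertificates": [
  {
    "name": "Appgatewaybackendcert",
    "properties": {
      "data": "[parameters('httpscertificate')]"
    }
  }
],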
// Backend HTTP settings from the answer: the HTTPS entries reference the uploaded certificate by resource ID instead of embedding certificate data.
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
// NOTE(review): with "Http" this entry carries gateway-to-backend traffic unencrypted.
"Port": 80,
"Protocol": "Http",
"CookieBasedAffinity": "Disabled"
}
},
{
"name": "nonscalablehttpssettings",
// NOTE(review): "etag" and "provisioningState" look copied from an exported resource; Azure normally sets them, so confirm they belong in an authored template.
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 8443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
// NOTE(review): the last path segment ('checkpointsystems') has to equal the "name" of an authenticationCertificates entry on this gateway; the declaration shown with this answer names it "Appgatewaybackendcert", so confirm the names line up.
// variables('applicationGatewayID') is presumably the gateway's own resource ID; it is not defined in this snippet.
"Id": "[concat(variables('applicationGatewayID'), '/authenticationCertificates/checkpointsystems')]" //appGatewayBackendCert
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
},
{
"name": "scalablehttpsettings",
"etag": "W/\"f5659c7c-d83a-431b-b456-097622a27c7b\"",
"properties": {
"provisioningState": "Succeeded",
"port": 7443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"connectionDraining": {
"enabled": false,
"drainTimeoutInSec": 60
},
"pickHostNameFromBackendAddress": false,
"path": null,
"requestTimeout": 300,
"authenticationCertificates": [
{
// References the same certificate entry as "nonscalablehttpssettings".
"Id": "[concat(variables('applicationGatewayID'), '/authenticationCertificates/checkpointsystems')]"
}
]
},
"type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection"
}
],