通过 powershell Cert:\LocalMachine\My 证书存储,我确实看到了证书,但通过证书管理器 certmgr.msc,我在任何地方都看不到它。如何让它出现在那里或 IIS 服务器证书部分。证书是使用以下脚本导入的。
# Install a secret stored in KeyVault into an Azure VM's credential store.
$resourceGroup = [resource group name]
$vm = Get-AzureRmVM -ResourceGroupName $resourceGroup -Name [VM name]
$vaultId = "/subscriptions/[subscription guid]/resourceGroups/$resourceGroup/providers/Microsoft.KeyVault/vaults/[vault name]"
$certStore = "My"
$certUrl = [KeyVault secret URL w/ version id]
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore $certStore -CertificateUrl $certUrl
# Update the VM so the changes take effect.
Update-AzureRmVM -ResourceGroupName $resourceGroup -VM $vm
答案1
这些步骤看起来不错,问题是证书是如何生成的。尝试在本地机器上生成自签名证书并上传到保险库进行测试。
#Generating self-singed certificate
$Cert = New-SelfSignedCertificate -Subject "CN=Disk Encryption Cert" -CertStoreLocation "cert:\LocalMachine\My" -FriendlyName "Disk Encryption Cert" -NotAfter (Get-Date).AddYears(10) -KeyAlgorithm RSA -KeyLength 2048 -Type Custom -KeySpec Signature
Export-PfxCertificate -Cert $cert -Password (ConvertTo-SecureString "Testing123" -AsPlainText -Force) -FilePath .\Diskencrypt.pfx -Force