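【Question title】: Getting Available Certificate uploaded on azure storage
【Posted】: 2013-08-13 20:12:03
【Question description】:

When I create a VM using the REST API, I want to keep all the uploaded certificates in Azure so that I can associate those certificates with the VM.

Is it necessary for the certificate to be available on the local machine? If so, is there any way to install the certificate locally when the website/portal is opened on any machine?

【Question discussion】:

    Tags: c#-4.0 azure certificate virtual-machine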


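    【Solution 1】:

    You need to install the certificate on every machine that uses the REST API for it to work.

    The whole point of private and public keys is to maintain security. I don't think this is something you would want to put on a website for anyone to install.

    That said, if you are making the REST calls through a website, then only the server hosting the application needs to have the certificate installed.

    I build a web request with a REST URL like this one, and then build the response.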

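    // Requires: System, System.IO, System.Net, System.Text, System.Xml,
    // System.Security.Cryptography.X509Certificates.
    // CertificateThumbprint is a field of the containing class.
    private HttpWebResponse CallAzure(HttpWebRequest request, string postData)
    {
        // Look up the management certificate (with its private key) in the current user's store.
        var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        certificateStore.Open(OpenFlags.ReadOnly);
        var certs = certificateStore.Certificates.Find(X509FindType.FindByThumbprint, CertificateThumbprint, false);
        certificateStore.Close();
        if (certs.Count == 0)
        {
            throw new InvalidOperationException("No certificate with thumbprint " + CertificateThumbprint + " found in CurrentUser\\My.");
        }

        // SSL 3.0 is broken (POODLE); negotiate TLS 1.2 instead (enum value needs .NET Framework 4.5+).
        ServicePointManager.Expect100Continue = false;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        request.ServicePoint.Expect100Continue = false;

        // The client certificate and headers must be set before the request stream is opened.
        request.ClientCertificates.Add(certs[0]);
        request.ContentType = "application/xml";
        request.Headers.Add("x-ms-version", "2012-03-01");

        if (request.Method.ToUpper() == "POST")
        {
            var xDoc = new XmlDocument();
            xDoc.LoadXml(postData);

            // Write the XML body; disposing the writer flushes and closes the stream.
            using (var requestStream = request.GetRequestStream())
            using (var streamWriter = new StreamWriter(requestStream, Encoding.UTF8))
            {
                xDoc.Save(streamWriter);
            }
        }
        return (HttpWebResponse)request.GetResponse();
    }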
    

    I found it easiest to install the certificate via PowerShell.

    If you want to generate your own publishsettings file, here is a very easy app to do it:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Xml;
    using System.Security.Cryptography.X509Certificates;
    using System.IO;
    
    namespace CreatePublishSettingsFile
    {
        class Program
        {
            private static string subscriptionId = "[your subscription id]";
            private static string subscriptionName = "My Awesome Subscription";
            private static string certificateThumbprint = "[certificate thumbprint. the certificate must have private key]";
            private static StoreLocation certificateStoreLocation = StoreLocation.CurrentUser;
            private static StoreName certificateStoreName = StoreName.My;
            private static string publishFileFormat = @"<?xml version=""1.0"" encoding=""utf-8""?>
    <PublishData>
      <PublishProfile
        PublishMethod=""AzureServiceManagementAPI""
        Url=""https://management.core.windows.net/""
        ManagementCertificate=""{0}"">
        <Subscription
          Id=""{1}""
          Name=""{2}"" />
      </PublishProfile>
    </PublishData>";
    
            static void Main(string[] args)
            {
                X509Store certificateStore = new X509Store(certificateStoreName, certificateStoreLocation);
                certificateStore.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection certificates = certificateStore.Certificates;
                var matchingCertificates = certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
                if (matchingCertificates.Count == 0)
                {
                    Console.WriteLine("No matching certificate found. Please ensure that proper values are specified for Certificate Store Name, Location and Thumbprint");
                }
                else
                {
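                    var certificate = matchingCertificates[0];
                    // The export includes the private key (PKCS#12, empty password), so the key
                    // must be marked exportable and the resulting file is itself a credential.
                    string certificateData = Convert.ToBase64String(certificate.Export(X509ContentType.Pkcs12, string.Empty));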
                    if (string.IsNullOrWhiteSpace(subscriptionName))
                    {
                        subscriptionName = subscriptionId;
                    }
                    string publishSettingsFileData = string.Format(publishFileFormat, certificateData, subscriptionId, subscriptionName);
                    string fileName = Path.GetTempPath() + subscriptionId + ".publishsettings";
                    File.WriteAllBytes(fileName, Encoding.UTF8.GetBytes(publishSettingsFileData));
                    Console.WriteLine("Publish settings file written successfully at: " + fileName);
                }
                Console.WriteLine("Press any key to terminate the program.");
                Console.ReadLine();
            }
        }
    }
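
The generator above embeds the certificate and its private key in the file as base64 PKCS#12 with an empty password, so whoever holds a `.publishsettings` file holds the management credential. The following added example (not part of the original answer) opens such a file and reports what each profile exposes. The class name `PublishSettingsAudit`, the sample subscription id and the throwaway self-signed certificate are constructed for illustration, and it assumes .NET Framework 4.7.2+ or .NET Core 2.0+.

```csharp
// Added example; assumes .NET Framework 4.7.2+ or .NET Core 2.0+ (CertificateRequest).
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Xml.Linq;

static class PublishSettingsAudit   // hypothetical helper name
{
    // One finding per subscription whose PublishProfile embeds a ManagementCertificate.
    public static List<string> Inspect(string publishSettingsXml)
    {
        var findings = new List<string>();
        foreach (var profile in XDocument.Parse(publishSettingsXml).Descendants("PublishProfile"))
        {
            var blob = (string)profile.Attribute("ManagementCertificate");
            if (string.IsNullOrEmpty(blob)) continue;
            // Base64 PKCS#12 exported with an empty password: no secret is needed to open it.
            using (var cert = new X509Certificate2(Convert.FromBase64String(blob), string.Empty))
            {
                foreach (var sub in profile.Elements("Subscription"))
                    findings.Add(string.Format(
                        "subscription={0} thumbprint={1} privateKey={2} notAfter={3:yyyy-MM-dd}",
                        (string)sub.Attribute("Id"), cert.Thumbprint, cert.HasPrivateKey, cert.NotAfter));
            }
        }
        return findings;
    }

    static void Main()
    {
        // Constructed sample: throwaway self-signed certificate and placeholder subscription id.
        var notBefore = DateTimeOffset.UtcNow.AddDays(-1);
        using (var rsa = RSA.Create(2048))
        using (var cert = new CertificateRequest("CN=constructed-sample", rsa,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                   .CreateSelfSigned(notBefore, notBefore.AddDays(31)))
        {
            var blob = Convert.ToBase64String(cert.Export(X509ContentType.Pkcs12, string.Empty));
            var xml = new XElement("PublishData",
                new XElement("PublishProfile",
                    new XAttribute("PublishMethod", "AzureServiceManagementAPI"),
                    new XAttribute("ManagementCertificate", blob),
                    new XElement("Subscription",
                        new XAttribute("Id", "00000000-0000-0000-0000-000000000000"),
                        new XAttribute("Name", "constructed")))).ToString();
            foreach (var finding in Inspect(xml)) Console.WriteLine(finding);
        }
    }
}
```

A finding with `privateKey=True` means the file alone is enough to authenticate to the management endpoint for that subscription until the `notAfter` date or until the certificate is removed from the subscription.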
    

    【Discussion】:
