问题
I've been following this guide to use a certificate to authenticate with key vault from azure batch. Every certificate I generate causes errors on import into azure batch, some examples are listed below:
code : InvalidPropertyValue message : The value provided for one of the properties in the request body is invalid. PropertyName: data Reason: The specified data and the password do not match
or
Unable to get property 'tbsCertificate' of undefined or null reference
or
Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?
Are there any requirements for the certificate that I'm not aware of? Alternatively is it possible to assign a managed identity or service principal to my Azure Batch Pool instead, if certificates are not working.
回答1:
Using this article as a guide, I added the below options to the makecert command.
-a sha256 -len 2048
This certificate on it's own still wont work, you then need to run pvk2pfx with only the below options:
pvk2pfx -pvk batchcertificate.pvk -spc batchcertificate.cer
This opens the wizard, using which you then need to:
- select "yes export the private key"
- Tick the following options:
- "include all certificates in the certification path if possible"
- "Export all extended properties"
- "Enable certificate privacy"
- On the next page, add a password
回答2:
You can try your hand at this documentation as well: https://samcogan.com/secure-credential-access-with-azure-batch-and-keyvault/
I believe that Microsoft will publish more documentation on this specifically in the future.
来源:https://stackoverflow.com/questions/57996578/how-to-authenticate-with-key-vault-from-azure-batch