我有一个网络作业从 azure key Vault 服务获取证书,并且在本地我从 kv 访问/检索此证书没有问题。但是,当部署此网络作业时,我收到此错误:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at Microsoft.Ambassadors.Infrastructure.KeyVaultService.<GetCertificateAsync>d__7.MoveNext() in C:\Source\Repos\Xbox.Ambassadors\Microsoft.Ambassadors.Azure\Microsoft.Ambassadors.Infrastructure\KeyVaultService.cs:line 0
我已向 AAD 注册了该应用程序(托管该网络作业的位置),并且它对 kv 空间具有只读访问权限。我发现了一些与此相关的(我认为..?)帖子:
"An internal error occurred." when loading pfx file with X509Certificate2
X509Certificate Constructor Exception
但我不太确定这是否是我可以在我的情况下做的事情......?如果有人可以提供帮助,那就太好了!谢谢:D
最佳答案
我遇到了同样的问题,只不过我正在部署到 Azure Web 应用程序。我通过添加 X509KeyStorageFlags 修复了该问题。
SecretBundle secretBundle = await keyVaultClient.GetSecretAsync(_keyVaultOptions.IdentitySigningCredentialUri);
_signingCredential = new X509Certificate2(Convert.FromBase64String(secretBundle.Value), string.Empty, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
关于Azure key 保管库 : unable to get a cert from kv when deployed,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52282213/