【发布时间】:2016-05-04 13:07:50
【问题描述】:
我需要使用证书对 Azure Key Vault 进行身份验证,但我无法访问已上传的密钥。我已采取以下步骤:
通过门户将密钥 (.pfx) 上传到云服务。
将此添加到 ServiceConfiguration
<Certificates>
<Certificate name="keyvault" thumbprint="<my_thumbprint>" thumbprintAlgorithm="sha1" />
</Certificates>
将此添加到 ServiceDefinition
<Certificates>
<Certificate name="keyvault" storeLocation="LocalMachine" storeName="CA" />
</Certificates>
使用此代码检索密钥:
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadOnly);
var col = store.Certificates.Find(X509FindType.FindByThumbprint,
<thumbprint_value>, false); // Don't validate certs, since the test root isn't installed.
if (col == null || col.Count == 0)
return null;
return col[0];
}
finally
{
store.Close();
}
但是,当我启动服务时,我看到了这个异常:
Value cannot be null.
Parameter name: certificate
我还需要什么额外的配置吗?
【问题讨论】:
标签: c# .net azure x509 azure-cloud-services