尝试将证书添加到功能应用时，获取httpresponsemessage

发布于 2025-01-29 08:13:49 字数 1519 浏览 3 评论 0原文

我正在通过ARM模板部署功能应用程序。我添加了以下片段，以添加Azure键Vault的证书，并添加了一个主机名绑定。

{
              "type": "Microsoft.Web/certificates",
              "apiVersion": "2019-08-01",
              "name": "[parameters('certificateName')]",
              "location": "North Europe",
              "dependsOn": [
                  "[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]"
              ],
              "properties": {
                  "keyVaultId": "[resourceId(parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('keyvaultName'))]",
                  "keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
                  "serverFarmId": "[resourceId('Microsoft.Web/serverFarms', parameters('hostingPlanName'))]"
              }
          },
          {
              "type": "Microsoft.Web/sites/hostnameBindings",
              "name": "[concat(parameters('functionAppName'), '/', parameters('customDomainName'))]",
              "apiVersion": "2019-08-01",
              "location": "North Europe",
              "dependsOn": [
                  "[resourceId('Microsoft.Web/certificates', parameters('certificateName'))]"
              ],
              "properties": {
                  "sslState": "SniEnabled",
                  "thumbprint": "[reference(resourceId('Microsoft.Web/certificates', parameters('certificateName'))).Thumbprint]"
              }
          }

但是当我不部署ARM模板时，我会在Microsoft.web/证书上遇到以下错误 “消息”：“参数httpresponsemessage具有无效的值。”

原文

I am deploying a function app via ARM template. I have added the following snippet to add the certificate from the Azure Key vault and the added a host name binding.

{
              "type": "Microsoft.Web/certificates",
              "apiVersion": "2019-08-01",
              "name": "[parameters('certificateName')]",
              "location": "North Europe",
              "dependsOn": [
                  "[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]"
              ],
              "properties": {
                  "keyVaultId": "[resourceId(parameters('keyvaultRG'), 'Microsoft.KeyVault/vaults', parameters('keyvaultName'))]",
                  "keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
                  "serverFarmId": "[resourceId('Microsoft.Web/serverFarms', parameters('hostingPlanName'))]"
              }
          },
          {
              "type": "Microsoft.Web/sites/hostnameBindings",
              "name": "[concat(parameters('functionAppName'), '/', parameters('customDomainName'))]",
              "apiVersion": "2019-08-01",
              "location": "North Europe",
              "dependsOn": [
                  "[resourceId('Microsoft.Web/certificates', parameters('certificateName'))]"
              ],
              "properties": {
                  "sslState": "SniEnabled",
                  "thumbprint": "[reference(resourceId('Microsoft.Web/certificates', parameters('certificateName'))).Thumbprint]"
              }
          }

But when I don deploy the ARM template I get the following error at Microsoft.Web/certificates
"message": "The parameter httpResponseMessage has an invalid value."

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

野生奥特曼 2025-02-05 08:13:49

请检查以下步骤是否有助于解决该问题：

Microsoft.web/证书的错误“消息”：“参数{0}具有无效的值。”

请按以下步骤解决此问题：

启用Microsoft.web资源提供商，使用Azure PowerShell指导Azure键值访问Azure键值。

Login-AzureRmAccount 
Set-AzureRmContext -SubscriptionId AZURE_SUBSCRIPTION_ID 
Set-AzureRmKeyVaultAccessPolicy -VaultName KEY_VAULT_NAME -ServicePrincipalName <ServicePrincipalId> -PermissionsToSecrets get

检查Azure密钥库的访问策略：Azure键Vault＆gt;访问政策＆GT;添加新（microsft.web）您的函数 - app
azure powerShell命令将证书插入keyVault：

$pfxFilePath = "PFX_CERTIFICATE_FILE_PATH" # Change this path 
$pwd = "PFX_CERTIFICATE_PASSWORD" # Change this password 
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable 
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
$collection.Import($pfxFilePath, $pwd, $flag) 
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12 
$clearBytes = $collection.Export($pkcs12ContentType) 
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes) 
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText –Force 
$secretContentType = 'application/x-pkcs12' 
Set-AzureKeyVaultSecret -VaultName KEY_VAULT_NAME -Name KEY_VAULT_SECRET_NAME -SecretValue $Secret -ContentType $secretContentType # Change Name of Azure KV & Secret

下一步是使用keyVaultSecretName直接访问键车以获取值。

网站。参数 ：

 {
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentParameters.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "functionAppName": {
      "value": "yourfunctionappname"
    },
    "customHostname": {
      "value": "yourcustomdomianname"
    },
    "existingKeyVaultId": {
      "value": "/subscriptions/subscriptionsID/resourceGroups/resourceGroupsName/providers/Microsoft.KeyVault/vaults/vaultsName"
    },
    "existingKeyVaultSecretName": {
      "value": "The key vaults SecretName"
    }
  }
}

Please check if the below steps help to fix the issue:

error at Microsoft.Web/certificates "message": "The parameter {0} has an invalid value."

Follow the below steps to fix this issue:

Enable the Microsoft.Web resource provider to direct access the Azure Key Vault using the Azure PowerShell.

Login-AzureRmAccount 
Set-AzureRmContext -SubscriptionId AZURE_SUBSCRIPTION_ID 
Set-AzureRmKeyVaultAccessPolicy -VaultName KEY_VAULT_NAME -ServicePrincipalName <ServicePrincipalId> -PermissionsToSecrets get

Check the Access Policies of Azure Key Vault: Azure Key Vault > Access Policies > Add New (Microsft.Web) Your-Function-App
Azure PowerShell Commands for inserting the certificate to the KeyVault:

$pfxFilePath = "PFX_CERTIFICATE_FILE_PATH" # Change this path 
$pwd = "PFX_CERTIFICATE_PASSWORD" # Change this password 
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable 
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
$collection.Import($pfxFilePath, $pwd, $flag) 
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12 
$clearBytes = $collection.Export($pkcs12ContentType) 
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes) 
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText –Force 
$secretContentType = 'application/x-pkcs12' 
Set-AzureKeyVaultSecret -VaultName KEY_VAULT_NAME -Name KEY_VAULT_SECRET_NAME -SecretValue $Secret -ContentType $secretContentType # Change Name of Azure KV & Secret

Next step is using the KeyVaultSecretName for directly accessing the KeyVault in order to get the value.

WebSite.parameters:

 {
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentParameters.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "functionAppName": {
      "value": "yourfunctionappname"
    },
    "customHostname": {
      "value": "yourcustomdomianname"
    },
    "existingKeyVaultId": {
      "value": "/subscriptions/subscriptionsID/resourceGroups/resourceGroupsName/providers/Microsoft.KeyVault/vaults/vaultsName"
    },
    "existingKeyVaultSecretName": {
      "value": "The key vaults SecretName"
    }
  }
}

回复收藏 0 原文

~没有更多了~