I just uploaded a certificate to Azure Key Vault, then compared it to the file locally. The two are very different.
var cwd = Directory.GetCurrentDirectory();
var fileCertBytes = File.ReadAllBytes(Path.Join(cwd, "redislabs_user.pfx")); // 3365 bytes
var fileCert = new X509Certificate2(fileCertBytes, "");
var client = new CertificateClient(new Uri($"https://mycompany.vault.azure.net/"), new DefaultAzureCredential());
var vaultCertBytes = client.GetCertificate("redislabsuser").Value.Cer; // 865 bytes
var vaultCert = new X509Certificate2(vaultCertBytes, "");
var same = fileCert.Equals(vaultCert); // returns true
Here's my problem: The X509 Certificates generated from both seem to be the same, but when I try to use them to connect to Redis Labs, the local file works, but the one from Key Vault does not.
I've verified that the thumbprints are the same (and everything else I can), but there's obviously a TON of data missing (2500 bytes, apparently), that Redis needs. How do I ensure I get ALL the data of the certificate from Key Vault?
Comments (1)
I think the issue is that when you get the certificate from Azure Key Vault you only retrieve the public key part of it. To get the actual private key, then you need to get it as a secret. Yes, it is not intuitive.
see
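The approach described in this answer, as an added example that is not part of the original thread: read the same-named entry through `SecretClient`, decode the PFX, and confirm the private key is present before handing the certificate to the Redis client. The vault URL and certificate name come from the question; the `VaultCertLoader` class is hypothetical, and the code assumes the certificate is stored as PKCS#12 with an exportable key.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper, not part of the Azure SDK.
static class VaultCertLoader
{
    public static X509Certificate2 LoadWithPrivateKey(Uri vaultUri, string name)
    {
        var credential = new DefaultAzureCredential();

        // Certificate view: public X.509 data only (the 865 bytes from the question).
        byte[] cer = new CertificateClient(vaultUri, credential).GetCertificate(name).Value.Cer;
        using var publicCert = new X509Certificate2(cer);

        // Secret view of the same name: the full PFX. The caller needs "get"
        // permission on secrets, not only on certificates.
        KeyVaultSecret secret = new SecretClient(vaultUri, credential).GetSecret(name).Value;

        if (secret.Properties.ContentType != "application/x-pkcs12")
            throw new NotSupportedException(
                $"Content type '{secret.Properties.ContentType}' is not handled here (PFX only).");

        // For PFX content the secret value is the base64-encoded PKCS#12 blob.
        byte[] pfxBytes = Convert.FromBase64String(secret.Value);
        var cert = new X509Certificate2(pfxBytes, "");

        // A non-exportable key policy yields a secret without the private key.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Secret contains no private key; check the key policy.");

        // Guard against loading a different version than the certificate view returned.
        if (!string.Equals(cert.Thumbprint, publicCert.Thumbprint, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Secret and certificate thumbprints differ.");

        return cert;
    }

    static void Main()
    {
        var cert = LoadWithPrivateKey(new Uri("https://mycompany.vault.azure.net/"), "redislabsuser");
        Console.WriteLine($"{cert.Subject} HasPrivateKey={cert.HasPrivateKey}");
    }
}
```

`X509Certificate2.Equals` compares issuer and serial number only, which is why the comparison in the question returned true even though one object lacked the private key; `HasPrivateKey` is the property that distinguishes them.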