Is it possible to reference a certificate in Azure Key Vault by file name?

Question:

In the scenario for this question I am using a library that takes a certificate path as a parameter.

Does that mean that it is not possible for me to store my certificate in Key Vault?

It is possible, but you have to give it a Name (key) to access it.

When you add/import x.509 certificates to Azure Key Vault Certificates, you give it a name (which acts as a unique key for that certificate), and you access that certificate by that name.

Now, with regards to your other question, I am assuming you are wondering how to access a certificate from an Azure function. In your other question, you have this:

ApiSettings["SigningCertPath"]

And you indicated, you are using a (3rd party) library which picks the signing certificate path, and presumably loads that certificate. I do not know how your (3rd party) library works, or if it even works with Azure Key Vault. But it appears your library is loading the cert from a file. You did not mention if you still would like to do it that way.

But as an alternative, you can load/import your certificate into your Function App (Platform features > SSL). Besides that, you also need to add this entry to the Application Settings (on Azure portal): key WEBSITE_LOAD_CERTIFICATES and the value of *. This loads all certificates in your SSL bindings and into your Function App's certificate store. Then your function can read/get the certificate as you would get it from a local certificate store.

You can do the above instead of storing your certs in Key Vault. But you can also have all your other certs in Key Vault and only store the client certificate you need to access Key Vault from within your function.
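
One way to bridge a path-only library to Key Vault, as an added example that is not part of the original answer: fetch the certificate by name through its backing secret and write it to a short-lived file whose path is handed to the library. The `SigningCertFile` helper, the vault URL and the certificate name `signing-cert` are assumptions; the code uses the Azure.Identity and Azure.Security.KeyVault.Secrets packages and needs "get" permission on secrets.

```csharp
using System;
using System.IO;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper (not part of any library): turns a Key Vault certificate,
// addressed by name, into a temporary file path for a library that only accepts paths.
public sealed class SigningCertFile : IDisposable
{
    public string FilePath { get; }

    private SigningCertFile(string filePath) => FilePath = filePath;

    public static SigningCertFile FromKeyVault(Uri vaultUri, string certificateName)
    {
        // A Key Vault certificate is also readable as a secret with the same name;
        // for an exportable PKCS#12 certificate that secret is the base64 PFX.
        var client = new SecretClient(vaultUri, new DefaultAzureCredential());
        KeyVaultSecret secret = client.GetSecret(certificateName).Value;

        if (secret.Properties.ContentType != "application/x-pkcs12")
            throw new InvalidOperationException(
                $"Expected a PKCS#12 secret, got '{secret.Properties.ContentType}'.");

        byte[] pfx = Convert.FromBase64String(secret.Value);
        string path = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName() + ".pfx");

        // CreateNew throws if the file already exists, so nothing is overwritten.
        using (var fs = new FileStream(path, FileMode.CreateNew, FileAccess.Write, FileShare.None))
            fs.Write(pfx, 0, pfx.Length);
        Array.Clear(pfx, 0, pfx.Length);
        return new SigningCertFile(path);
    }

    // The file holds the private key without a password: remove it as soon as
    // the library has loaded the certificate.
    public void Dispose()
    {
        if (File.Exists(FilePath)) File.Delete(FilePath);
    }
}

// Usage (vault URL and certificate name are placeholders):
// using (var cert = SigningCertFile.FromKeyVault(
//            new Uri("https://<your-vault>.vault.azure.net/"), "signing-cert"))
// {
//     // pass cert.FilePath wherever ApiSettings["SigningCertPath"] was used
// }
```

If the library reads the file lazily rather than at initialisation, keep the `SigningCertFile` instance alive for as long as the library needs the path.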