为了回答我自己的问题,我终于想通了。步骤:
#create certs
openssl req -new -x509 -newkey rsa:2048 -keyout localhost.key -out localhost.cer -days 365 -subj /CN=localhost
#create pfx
openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.cer
#You will need to specify some password for it
#Now use the generated cer file and import it in your Azure portal,AzureAD->app registrations->your created SP->Certificates and secrets. Can also use powershell to do this.
#import the PFX to your machines cert store
$StoreName = [System.Security.Cryptography.X509Certificates.StoreName]::My
$StoreLocation = [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName,$StoreLocation)
$Flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("path to your pfx","the pfx password you specified on step 2",$Flag)
$Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$Store.Add($Certificate)
$Store.Close()
$tenantId = 'look in your azure portal'
$appId = 'app id of the service principal you created,look in your azure portal'
$thumbprint = $certificate.thumbprint
Connect-AzAccount -ApplicationId $appId -Tenant $tenantId -CertificateThumbprint $thumbprint
就是这样,您将使用Powershell Core从Linux机器或Docker自动非交互地连接到Azure租户,并可以执行SP角色允许的所有命令。您可以重新使用PFX文件,只是第一次是手动的,然后将其托管在某个位置并使用curl或类似文件将其加载到脚本中。
注意:我对证书以及所使用的证书的安全性了解不多,后果自负。
本文链接:https://www.f2er.com/3139015.html