2017-07-21 15 views
0

I am trying to configure SSL and a custom domain name using this ARM template: Configure SSL on Azure Web App using ARM. The parameter {0} has an invalid value. ExtendedCode 51008,

Full error message:

New-AzureRmResourceGroupDeployment : 4:03:36 AM - Resource Microsoft.Web/certificates '<certificateName>' failed with message '{
  "Code": "BadRequest",
  "Message": "The parameter httpResponseMessage has an invalid value.",
  "Target": null,
  "Details": [
    {
      "Message": "The parameter httpResponseMessage has an invalid value."
    },
    {
      "Code": "BadRequest"
    },
    {
      "ErrorEntity": {
        "ExtendedCode": "51008",
        "MessageTemplate": "The parameter {0} has an invalid value.",
        "Parameters": [
          "httpResponseMessage"
        ],
        "Code": "BadRequest",
        "Message": "The parameter httpResponseMessage has an invalid value."
      }
    }
  ],
  "Innererror": null
}'

The error message points to the Microsoft.Web/certificates resource in the ARM template:

{
  "type": "Microsoft.Web/certificates",
  "name": "[parameters('certificateName')]",
  "apiVersion": "2016-03-01",
  "location": "[parameters('existingAppLocation')]",
  "properties": {
    "keyVaultId": "[parameters('existingKeyVaultId')]",
    "keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
    "serverFarmId": "[parameters('existingServerFarmId')]"
  }
},

The values of these parameters are:

certificateName: 16charstring 
existingKeyVaultId: /subscriptions/<subscriptionid>/resourceGroups/<ressourcegroupname>/providers/Microsoft.KeyVault/vaults/<VaultName> 
existingKeyVaultSecretName: https://<VaultName>.vault.azure.net:443/secrets/<certificateName>/123456789
existingServerFarmId: /subscriptions/<subscriptionid>/resourceGroups/<ressourcegroupname>/providers/Microsoft.Web/serverFarms/<AppServicePlanName> 

I am using the Invoke-AddCertToKeyVault cmdlet from the RPHelper library to add the certificate to the vault:

Write-Host "Reading pfx file from $ExistingPfxFilePath" 
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2 $ExistingPfxFilePath, $Password 

$bytes = [System.IO.File]::ReadAllBytes($ExistingPfxFilePath) 
$base64 = [System.Convert]::ToBase64String($bytes) 

$jsonBlob = @{ 
    data = $base64 
    dataType = 'pfx' 
    password = $Password 
    } | ConvertTo-Json 

$contentbytes = [System.Text.Encoding]::UTF8.GetBytes($jsonBlob) 
$content = [System.Convert]::ToBase64String($contentbytes) 

$secretValue = ConvertTo-SecureString -String $content -AsPlainText -Force 

Write-Host "Writing secret to $CertificateName in vault $VaultName. Secret value " $secretValue 
$secret = Set-AzureKeyVaultSecret -VaultName $VaultName -Name $CertificateName -SecretValue $secretValue 

$output = @{}; 
$output.SourceVault = $resourceId; 
$output.CertificateURL = $secret.Id; 
$output.CertificateThumbprint = $cert.Thumbprint; 

Can you tell me what is wrong?

+0

How are you uploading the certificate to Key Vault? – 4c74356b41

+0

I am using the Invoke-AddCertToKeyVault cmdlet found in the RPHelper library. Updated the post with the code –

Answer

0

Based on your description, I guess there is a problem with the certificate parameters in your template.

Since the link you posted cannot be accessed, I wrote a test ARM template, and it works well.

I suggest you follow the template below to create the web app.

Note:

I use PowerShell to directly enable the "Microsoft.Web" resource provider to access Azure Key Vault.

Login-AzureRmAccount 
Set-AzureRmContext -SubscriptionId AZURE_SUBSCRIPTION_ID 
Set-AzureRmKeyVaultAccessPolicy -VaultName KEY_VAULT_NAME -ServicePrincipalName abfa0a7c-a6b6-4736-8310-5855508787cd -PermissionsToSecrets get 

Result:

[screenshot]

Then you can use the PowerShell commands below to insert the certificate into Key Vault.

$pfxFilePath = "PFX_CERTIFICATE_FILE_PATH" # Change this path 
$pwd = "PFX_CERTIFICATE_PASSWORD" # Change this password 
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable 
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
$collection.Import($pfxFilePath, $pwd, $flag) 
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12 
$clearBytes = $collection.Export($pkcs12ContentType) 
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes) 
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText -Force
$secretContentType = 'application/x-pkcs12' 
Set-AzureKeyVaultSecret -VaultName KEY_VAULT_NAME -Name KEY_VAULT_SECRET_NAME -SecretValue $Secret -ContentType $secretContentType # Change Key Vault name and Secret name 

After this is done, you can use the KeyVaultSecretName to access Key Vault directly to get the value.

Full template:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "webAppName": {
      "type": "string",
      "metadata": {
        "description": "The name of the web app that you wish to create."
      }
    },
    "customHostname": {
      "type": "string",
      "metadata": {
        "description": "The custom hostname that you wish to add."
      }
    },
    "existingKeyVaultId": {
      "type": "string",
      "metadata": {
        "description": "Existing Key Vault resource Id with an access policy to allow Microsoft.Web RP to read Key Vault secrets (Checkout README.md for more information)"
      }
    },
    "existingKeyVaultSecretName": {
      "type": "string",
      "metadata": {
        "description": "Key Vault Secret that contains a PFX certificate"
      }
    }
  },
  "variables": {
    "appServicePlanName": "[concat(parameters('webAppName'),'-asp-', uniquestring(resourceGroup().id))]",
    "certificateName": "[concat(parameters('webAppName'),'-cert-', uniquestring(resourceGroup().id))]"
  },
  "resources": [
    {
      "apiVersion": "2016-03-01",
      "name": "[variables('appServicePlanName')]",
      "type": "Microsoft.Web/serverfarms",
      "location": "[resourceGroup().location]",
      "properties": {
        "name": "[variables('appServicePlanName')]"
      },
      "sku": {
        "name": "P1",
        "tier": "Premium",
        "size": "1",
        "family": "P",
        "capacity": "1"
      }
    },
    {
      "apiVersion": "2016-03-01",
      "name": "[parameters('webAppName')]",
      "type": "Microsoft.Web/sites",
      "location": "[resourceGroup().location]",
      "properties": {
        "name": "[parameters('webAppName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverFarms',variables('appServicePlanName'))]"
      },
      "dependsOn": [
        "[concat('Microsoft.Web/serverFarms/',variables('appServicePlanName'))]"
      ]
    },
    {
      "type": "Microsoft.Web/certificates",
      "name": "[variables('certificateName')]",
      "apiVersion": "2016-03-01",
      "location": "[resourceGroup().location]",
      "properties": {
        "keyVaultId": "[parameters('existingKeyVaultId')]",
        "keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverFarms',variables('appServicePlanName'))]"
      },
      "dependsOn": [
        "[concat('Microsoft.Web/sites/',parameters('webAppName'))]"
      ]
    },
    {
      "type": "Microsoft.Web/sites/hostnameBindings",
      "name": "[concat(parameters('webAppName'), '/', parameters('customHostname'))]",
      "apiVersion": "2016-03-01",
      "location": "[resourceGroup().location]",
      "properties": {
        "sslState": "SniEnabled",
        "thumbprint": "[reference(resourceId('Microsoft.Web/certificates', variables('certificateName'))).Thumbprint]"
      },
      "dependsOn": [
        "[concat('Microsoft.Web/certificates/',variables('certificateName'))]"
      ]
    }
  ]
}

WebSite.parameters:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-08-01/deploymentParameters.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "webAppName": {
      "value": "yourwebappname"
    },
    "customHostname": {
      "value": "yourcustomdomianname"
    },
    "existingKeyVaultId": {
      "value": "/subscriptions/subscriptionsID/resourceGroups/resourceGroupsName/providers/Microsoft.KeyVault/vaults/vaultsName"
    },
    "existingKeyVaultSecretName": {
      "value": "The key vaults SecretName"
    }
  }
}

Result:

[screenshot]
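The cmdlet in the question stores a JSON-wrapped PFX while the answer stores the raw PKCS#12 bytes with content type application/x-pkcs12, and the asker's closing comment traces the failure to the certificate's names; the following added script (not code from the question, the answer or the RPHelper library) reads a secret back and checks all three points before the template is deployed. It assumes the AzureRM Key Vault cmdlets used on this page, a logged-in session and Windows PowerShell 5.1; Test-AppServiceCertSecret is a name chosen here.

```powershell
# Added example (not code from the question or the answer): reads the secret back and
# checks it is what Microsoft.Web/certificates expects: a base64 PKCS#12 blob with
# content type application/x-pkcs12 (not the JSON {data,dataType,password} wrapper),
# whose certificate CN/SAN covers the custom hostname. Assumes the AzureRM KeyVault
# cmdlets used on this page, a logged-in session, and Windows PowerShell 5.1.
function Test-AppServiceCertSecret {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$SecretName,
        [Parameter(Mandatory)][string]$CustomHostname,
        [string]$PfxPassword = ''  # only if the PFX was exported with a password
    )
    $secret   = Get-AzureKeyVaultSecret -VaultName $VaultName -Name $SecretName
    $problems = @()
    if ($secret.ContentType -ne 'application/x-pkcs12') {
        $problems += "ContentType is '$($secret.ContentType)', expected application/x-pkcs12"
    }
    try   { $bytes = [Convert]::FromBase64String($secret.SecretValueText) }
    catch { return @('Secret value is not valid base64') }
    # The cmdlet in the question stores base64(JSON{data,dataType,password}); that wrapper
    # is the VM certificate format, not a PFX, so detect it before trying to parse one.
    if ([Text.Encoding]::UTF8.GetString($bytes).TrimStart().StartsWith('{')) {
        return $problems + 'Secret is a JSON wrapper, not a raw PKCS#12 blob'
    }
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $PfxPassword)
    } catch { return $problems + "Bytes do not parse as PKCS#12: $($_.Exception.Message)" }
    if ($cert.NotAfter -lt (Get-Date)) { $problems += "Certificate expired on $($cert.NotAfter)" }
    # Hostnames the certificate is valid for: subject CN plus every SAN DNS entry (OID 2.5.29.17).
    $names = @()
    if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += @($san.Format($false) -split ',\s*' |
            Where-Object { $_ -like 'DNS Name=*' } | ForEach-Object { ($_ -split '=')[1].Trim() })
    }
    # A wildcard (*.example.com) covers exactly one extra label, so compare label counts.
    $covered = $names | Where-Object {
        $_ -eq $CustomHostname -or
        ($_.StartsWith('*.') -and $CustomHostname -like $_ -and
         ($CustomHostname -split '\.').Count -eq ($_ -split '\.').Count)
    }
    if (-not $covered) {
        $problems += "Certificate names [$($names -join ', ')] do not cover $CustomHostname"
    }
    if ($problems.Count -eq 0) { return "OK: thumbprint $($cert.Thumbprint) covers $CustomHostname" }
    return $problems
}
```

Run it as `Test-AppServiceCertSecret -VaultName KEY_VAULT_NAME -SecretName KEY_VAULT_SECRET_NAME -CustomHostname yourcustomdomianname` with the placeholders from the answer; an empty problem list means the secret is in the form the certificate resource can consume.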

+0

Sorry, I forgot to update this post. The problem was that I had created a certificate in which the web app's domain name was added as a SAN name. After creating a certificate specifically for the web app, it worked. –