Invalid provider type specified. CryptographicException

Submitted by 故事扮演 on 2019-11-27 07:53:03

Question


I am trying to run the script GetAppConfigSettings.ps1 from the Microsoft docs to help set up a Key Vault.

The script contains the following

# **********************************************************************************************
# Prep the cert credential data
# **********************************************************************************************
$certificateName = "$applicationName" + "cert"
$myCertThumbprint = (New-SelfSignedCertificate -Type Custom -Subject "$certificateName" -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Provider "Microsoft Enhanced Cryptographic Provider v1.0").Thumbprint
$x509 = (Get-ChildItem -Path cert:\CurrentUser\My\$myCertthumbprint)
$password = Read-Host -Prompt "Please enter the certificate password." -AsSecureString

# Saving the self-signed cert and pfx (private key) in case it's needed later
Export-Certificate -cert $x509 -FilePath ".\$certificateName.cer"
Export-PfxCertificate -Cert $x509 -FilePath ".\$certificateName.pfx" -Password $password

Running the script (after setting the variables) produces the following error:

New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Provider type not defined. 
0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
At \\tsclient\E\EShared\Dev\Microsoft.Azure.KeyVault.Samples-2016.11.22 
(1)\Microsoft.Azure.KeyVault.Samples\scripts\GetAppConfigSettings.ps1:38 char:22
+ ... umbprint = (New-SelfSignedCertificate -Type Custom -Subject "$certifi ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-SelfSignedCertificate], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedC 
   ertificateCommand

[Update]

Microsoft Support advised me to change the provider to "Microsoft Platform Crypto Provider"

However I still get the error.

For PowerShell, $PSVersionTable reports 5.1.17134.112

I have Version 5.7.0 of AzureRM installed


Answer 1:


Microsoft support helped me out with this line

$myCertThumbprint = (New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -subject MyCert -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(10) -Type CodeSigningCert -KeySpec Signature).Thumbprint

The AuthClientId and AuthCertThumbprint values I need for the HelloKeyVault app.config are created.

The AuthClientId displays in the portal as the Application ID and is visible in the Registered app settings.

To get to it, click Azure Active Directory -> App registrations, then click View all applications, click on the application, then Settings.

To see the Thumbprint, do the same and then click Keys.

I can see AuthClientId
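
A way to check how the two provider names from the question are registered, and which provider holds the key when -Provider is omitted as in Answer 1. This is an added PowerShell example, not part of the original posts; the function name Get-LegacyCspRegistration and the subject CN=ProviderCheckExample are made up for illustration.

```powershell
# Added example (not from the original post). Function and subject names are hypothetical.
# Legacy CryptoAPI CSPs are registered under this key with a numeric provider type.
# CNG key storage providers are not listed here; `certutil -csplist` shows both kinds.
$cspRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'

function Get-LegacyCspRegistration {
    param([Parameter(Mandatory)][string]$ProviderName)
    $key = Join-Path $cspRoot $ProviderName
    if (-not (Test-Path -LiteralPath $key)) {
        # Not a registered legacy CSP (it may still be a CNG key storage provider).
        return [pscustomobject]@{ Name = $ProviderName; LegacyCsp = $false; Type = $null }
    }
    $props = Get-ItemProperty -LiteralPath $key
    [pscustomobject]@{ Name = $ProviderName; LegacyCsp = $true; Type = $props.Type }
}

# The two provider names tried in the question.
'Microsoft Enhanced Cryptographic Provider v1.0',
'Microsoft Platform Crypto Provider' |
    ForEach-Object { Get-LegacyCspRegistration -ProviderName $_ } |
    Format-Table -AutoSize

# Create a certificate the way Answer 1 does (no -Provider), with a constructed
# subject and a short lifetime so the test certificate is easy to find and remove.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My `
    -Subject 'CN=ProviderCheckExample' -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddDays(1) -Type CodeSigningCert -KeySpec Signature

if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key"
}

# certutil prints the key container and the provider that holds the private key.
certutil -user -store My $cert.Thumbprint

# Remove the test certificate; -DeleteKey also removes its private key.
Remove-Item -LiteralPath "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
```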




Answer 2:


Please use this sample to learn how to use Key Vault with DotNet and authenticate to Azure Active Directory with a Service Principal's Certificate https://github.com/Azure-Samples/key-vault-dotnet-quickstart



Source: https://stackoverflow.com/questions/50921099/invalid-provider-type-specified-cryptographicexception
