How to validate my client certificate against a root CA certificate in an Azure API Management inbound policy

I need to fetch a root CA from Azure Key Vault inside an Azure APIM inbound policy and validate the client certificate of my request within that policy. For this I followed the link below and was able to retrieve the certificate: https://github.com/galiniliev/api-management-policy-snippets/blob/galin/AkvCert/examples/Look%20up%20Key%20Vault%20certificate%20using%20Managed%20Service%20Identity%20and%20call%20backend.policy.xml

But I am not able to validate the client certificate using the root CA fetched from Azure Key Vault. Below is the value of the root CA I get from Azure Key Vault:

{"id":"https://newdev-keyvault.vault.azure.net/certificates/MyRootCA/bf34888e**********","kid":"https://newdev-keyvault.vault.azure.net/keys/MyRootCA/bf34888e*************","sid":"https://newdev-keyvault.vault.azure.net/secrets/MyRootCA/bf34888**************","x5t":"gYbnPUooh4D5_OgrmWCEvfDjXso","cer":"MIIDFTCCAf2gAwIBAgIUJYAgKiqYPh+Iq1DFULOmUlhzNTAwDQYJKoZIhvcNAQELBQAwGjELMAkGA1UEBhMCSW4xCzAJBgNVBAoMAlwuMB4XDTIwMDQxNjA4MTgyOFoXDTMwMDQxDA4MTgyOfowGjELMA kGA1UebhMCSW4CzAJbgNVBAo MAlwuMIIBIjANBgkqhkiG9w0BAJEFAOCAQ8AMIBCgKCAQEAs2EOpy+GxFCidiW5hGPVlPXu ZFfgJdZWITLkUQ2SvcuBfLSsKmPkSpYO7TAFESPBWD0z8y3BYAT0hGA2iBhMWzXN0dhbB+bZ6uDdrg0kuGaFmb4fmQ9mydM7cy3ntZA6lf5uTp9RZV4f38laN1l84eM47UaMJjWD9vg/3QsW3yH+8zst2gWfXN7giQFRCMnzYTRD0VOd3N+C3k2mx72d4DowbsngIclDHK0BFUckdK8MaOVIixRRQjFTZ/XjRqhPOCQRbgHHldXfx352eYqzOfYOi/utv8s6Xwl/0Ti3uj2Rth7CwJkQIDAQABo1MUTADBgNVHQ4FgQUZZMEGpRcswKq23a52gqbZcnloAwYDVR0jBBgwFo AUZZMEGPRcswKq23a52gqebZcnloAwDwYDVR0TAKH/BAUwAwEB","attributes":{"enabled":true,"nbf":1587025108,"exp":1902385108,"created":1587036499,"updated":1587036499,"recoveryLevel":"Recoverable+Purgeable"}}

Can someone help me validate the client certificate in the inbound policy?

The certificate you obtain dynamically from AKV cannot currently be used to validate the client certificate in the request. The only way is to upload the CA certificate to APIM and then invoke validation of the certificate against the request. This will require you to export the certificate from AKV and refresh it in APIM every time it changes.
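An inbound policy fragment illustrating the approach the answer describes, added here as an example and not part of the question or the answer. It assumes the root CA has already been uploaded to the APIM instance as a CA certificate (so the gateway can build a trusted chain) and that the gateway hostname is configured to negotiate client certificates; `CN=Contoso Root CA` is an assumed placeholder for the expected issuer.

```xml
<policies>
  <inbound>
    <base />
    <choose>
      <!-- Reject when no client certificate was presented, or when
           Verify() cannot build a trusted chain. Chain building uses the
           CA certificates uploaded to APIM, not a certificate fetched
           from Key Vault at request time. -->
      <when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify())">
        <return-response>
          <set-status code="403" reason="Invalid client certificate" />
        </return-response>
      </when>
      <!-- A valid chain alone is not enough: pin the issuer so that a
           certificate chaining to any other uploaded CA is also rejected.
           "CN=Contoso Root CA" is an assumed placeholder issuer name. -->
      <when condition="@(context.Request.Certificate.Issuer != &quot;CN=Contoso Root CA&quot;)">
        <return-response>
          <set-status code="403" reason="Unexpected certificate issuer" />
        </return-response>
      </when>
    </choose>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

Verify() also performs revocation checking, so the gateway needs to reach the CA's revocation endpoints; the second `when` only runs if the first did not match, so `context.Request.Certificate` is non-null there.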
