[Azure] Use Azure CLI 2.0 and Key Vault to create a self-signed certificate and import it into Nginx

Source: Internet
Author: User

Link reference: https://docs.azure.cn/zh-cn/virtual-machines/linux/tutorial-secure-web-server

The steps to install CLI 2.0 are omitted here.

Start by creating a new resource group:
az group create --name dantstrg --location chinanorth
Note: the resource group name created above must be all lowercase. Do not use a camel-case name, or the later az vm format-secret step that converts the certificate will fail with the following error:
"Parameter 'resource_group_name' can not be None."

Create a Key Vault:
az keyvault create --resource-group dantstrg --name dantstkv --enabled-for-deployment

To generate a certificate:
az keyvault certificate create --vault-name dantstkv --name mycert --policy "$(az keyvault certificate get-default-policy)"

Use the following two commands to obtain the certificate and convert the certificate:
secret=$(az keyvault secret list-versions --vault-name dantstkv --name mycert --query "[?attributes.enabled].id" --output tsv)
vm_secrets=$ (az vm format-secret--secrets "$secret")

To view the converted certificate information that was returned:
echo $vm_secrets


Then use the converted certificate to create a new virtual machine (the certificate can also be downloaded locally with az keyvault certificate download, or downloaded as a .cer certificate from the admin portal):
az vm create -g dantstrg -n dantstvm --admin-username daniel --image CentOS --secrets "$vm_secrets" --vnet-name DanNorthVNET --subnet "Subnet-1"

After it is created, SSH from the current host into the new virtual machine and change to /var/lib/waagent:


In this directory you can see a pair of .crt and .prv files. These two files are the certificate (.crt) and its private key (.prv) that we generated earlier.
Copy the contents of these two files (or copy the certificate file).


Let's take a look at the contents of the certificate:



On the Nginx machine we created two files, test.cert and test.prv, placed them under /etc/nginx/ssl, and copied the contents of the .crt and .prv files above into them respectively:
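Before Nginx is pointed at the two files placed under /etc/nginx/ssl, it is worth confirming that the copied private key really belongs to the copied certificate and is not readable by other users. The following check is an added example, not part of the original post; the function name check_tls_pair is hypothetical, and it assumes both files are PEM-encoded and that GNU stat is available:

```bash
# Added example: sanity-check the certificate/key pair copied from
# /var/lib/waagent before Nginx is pointed at it.
# check_tls_pair is a hypothetical helper name, not an Azure or Nginx tool.
# Returns 0 = usable, 1 = mismatch or loose permissions, 2 = unreadable input.
check_tls_pair() {
    local cert="$1" key="$2" rc=0 cert_pub key_pub mode

    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    [ -r "$key" ]  || { echo "cannot read private key: $key" >&2; return 2; }

    # Derive the public key from each file. If they differ, the key does
    # not belong to the certificate and Nginx will fail to load the pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "not a PEM private key: $key" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key does not belong to $cert" >&2
        rc=1
    fi

    # The private key must not be accessible to group or others.
    mode=$(stat -c '%a' "$key")    # GNU stat, as shipped on CentOS
    case "$mode" in
        ?00) ;;                    # owner-only, e.g. 600 or 400
        *) echo "INSECURE: $key has mode $mode, expected owner-only (600 or 400)" >&2
           rc=1 ;;
    esac

    # Print the fields a browser will show, to compare with Key Vault.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate
    return "$rc"
}

# Example: sh check_pair.sh /etc/nginx/ssl/test.cert /etc/nginx/ssl/test.prv
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```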




Then we create a test index.html file under /etc/nginx/ssl:


Edit the /etc/nginx/nginx.conf file:


Restart the Nginx service, then browse to the virtual machine's IP address. It displays the HTML page you just created, and you can view the page's certificate:


You can see that the "Issued by" and "Issued to" fields match the certificate that we generated earlier.
