Reference link: https://docs.azure.cn/zh-cn/virtual-machines/linux/tutorial-secure-web-server
The steps to install CLI 2.0 are omitted here.
Start by creating a new resource group:
az group create --name dantstrg --location chinanorth
One thing to note: the name of the resource group created above must use lowercase letters. Do not use camelCase naming, or the later certificate conversion with az vm format-secret will fail with the following error:
"Parameter 'resource_group_name' can not be None."
Create a Key Vault:
az keyvault create --resource-group dantstrg --name dantstkv --enabled-for-deployment
Generate a certificate:
az keyvault certificate create --vault-name dantstkv --name mycert --policy "$(az keyvault certificate get-default-policy)"
Use the following two commands to obtain the certificate and convert the certificate:
secret=$(az keyvault secret list-versions --vault-name dantstkv --name mycert --query "[?attributes.enabled].id" --output tsv)
vm_secrets=$ (az vm format-secret--secrets "$secret")
To view the converted certificate information:
echo $vm_secrets
Then use the converted certificate to create a new virtual machine (the certificate can also be downloaded to the local machine with az keyvault certificate download, or downloaded as a .cer certificate from the admin interface):
az vm create -g dantstrg -n dantstvm --admin-username Daniel --image CentOS --secrets "$vm_secrets" --vnet-name DanNorthVNET --subnet "Subnet-1"
After it is created, SSH from the current host into the new virtual machine and switch to /var/lib/waagent:
In this directory you can see a pair of .crt and .prv files. These two files are the certificate we generated earlier.
Copy the contents of these two files (or copy the certificate file).
Let's take a look at the contents of the certificate:
On the Nginx machine we created two certificate files, Test.cert and TEST.PRV, placed them under /etc/nginx/ssl, and copied in the contents of the .crt and .prv files above respectively:
Then we create a test index.html file under /etc/nginx/ssl:
Edit the /etc/nginx/nginx.conf file:
Restart the Nginx service, browse to the virtual machine's IP address to display the HTML page you just created, and view the page's certificate:
You can see that the Issued By and Issued To fields are consistent with the certificate that we generated earlier.
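Before restarting Nginx with the copied files, it is worth confirming that the .prv key really belongs to the .crt certificate, that the key file is not accessible to other users, and that the certificate has not expired. The script below is an added example, not part of the original tutorial; the check_pair function and its return codes are assumptions made for illustration, and it expects the openssl CLI and a Linux stat.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes a Linux host with the
# openssl CLI and a stat that supports -c; check_pair is a hypothetical helper.
# Usage: sh check_pair.sh /etc/nginx/ssl/Test.cert /etc/nginx/ssl/TEST.PRV

# check_pair CERT KEY
#   0 = key matches certificate, certificate unexpired, key private to its owner
#   1 = private key does not belong to the certificate
#   2 = a file is missing or is not valid PEM
#   3 = private key file is accessible to group or other
#   4 = certificate has expired
check_pair() {
    cp_cert=$1
    cp_key=$2

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cp_cert_pub=$(openssl x509 -in "$cp_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cp_cert"; return 2; }
    # Public key derived from the private key, in the same encoding.
    cp_key_pub=$(openssl pkey -in "$cp_key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $cp_key"; return 2; }

    if [ "$cp_cert_pub" != "$cp_key_pub" ]; then
        echo "private key does not match certificate"; return 1
    fi

    # Reject any group/other permission bits on the key (e.g. 644 or 640).
    cp_mode=$(stat -c '%a' "$cp_key") || return 2
    if [ $(( 0$cp_mode & 077 )) -ne 0 ]; then
        echo "private key mode $cp_mode is too open; use chmod 600"; return 3
    fi

    # -checkend 0 fails when the certificate's notAfter is already in the past.
    openssl x509 -in "$cp_cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired"; return 4; }

    # SHA-1 thumbprint, for comparison with the value shown for the certificate.
    openssl x509 -in "$cp_cert" -noout -fingerprint -sha1
    return 0
}

# Run the check only when two file arguments are given.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A non-zero result means the files should be fixed before Nginx is pointed at them; result 3 is corrected with chmod 600 on the key file.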