如何在 Azure API 管理中添加自定义 CA 证书How to add a custom CA certificate in Azure API Management

Azure API 管理允许在受信任的根证书和中间证书存储中的计算机上安装 CA 证书。Azure API Management allows installing CA certificates on the machine inside the trusted root and intermediate certificate stores. 如果服务需要自定义 CA 证书,则应使用此功能。This functionality should be used if your services require a custom CA certificate.

本文介绍如何在 Azure 门户中管理 Azure API 管理服务实例的 CA 证书。The article shows how to manage CA certificates of an Azure API Management service instance in the Azure portal.

备注

本文已经过更新,以便使用 Azure Az PowerShell 模块。This article has been updated to use the Azure Az PowerShell module. 若要与 Azure 交互,建议使用的 PowerShell 模块是 Az PowerShell 模块。The Az PowerShell module is the recommended PowerShell module for interacting with Azure. 若要开始使用 Az PowerShell 模块,请参阅安装 Azure PowerShellTo get started with the Az PowerShell module, see Install Azure PowerShell. 若要了解如何迁移到 Az PowerShell 模块,请参阅 将 Azure PowerShell 从 AzureRM 迁移到 AzTo learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

可用性Availability

重要

此功能在 API 管理的“高级”、“标准”、“基本”和“开发人员”层中可用。This feature is available in the Premium, Standard, Basic and Developer tiers of API Management.

上传 CA 证书 Upload a CA certificate

添加 CA 证书

请按照以下步骤来上传新的 CA 证书。Follow the steps below to upload a new CA certificate. 如果尚未创建 API 管理服务实例,请参阅教程创建 API 管理服务实例If you have not created an API Management service instance yet, see the tutorial Create an API Management service instance.

  1. 在 Azure 门户中导航到 Azure API 管理服务实例。Navigate to your Azure API Management service instance in the Azure portal.

  2. 从菜单中选择“CA 证书”。Select CA certificates from the menu.

  3. 单击“+ 添加”按钮。Click the + Add button.

    屏幕截图,显示用于添加 CA 证书的“+ 添加”按钮。

  4. 浏览证书并选定证书存储。Browse for the certificate and decide on the certificate store. 仅需要公钥,因此不需要密码。Only the public key is needed, so the password is not required.

    显示如何浏览证书的屏幕截图。

  5. 单击“保存” 。Click Save. 此操作可能需要几分钟的时间。This operation may take a few minutes.

    显示如何保存证书的屏幕截图。

备注

可以使用 New-AzApiManagementSystemCertificate Powershell 命令上传 CA 证书。You can upload a CA certificate using the New-AzApiManagementSystemCertificate Powershell command.

删除客户端证书 Delete a client certificate

若要删除证书,请单击上下文菜单“...”并选择该证书旁边的“删除”。To delete a certificate, click context menu ... and select Delete beside the certificate.

删除 CA 证书