续订应用程序网关证书Renew Application Gateway certificates

在某种情况下,如果为 TLS/SSL 加密配置了应用程序网关,则需要续订证书。At some point, you'll need to renew your certificates if you configured your application gateway for TLS/SSL encryption.

可以使用 Azure 门户、Azure PowerShell 或 Azure CLI 续订与侦听器关联的证书:You can renew a certificate associated with a listener using either the Azure portal, Azure PowerShell, or Azure CLI:

Azure 门户Azure portal

若要从门户续订侦听器证书,请导航到应用程序网关侦听器。To renew a listener certificate from the portal, navigate to your application gateway listeners. 选择具有需要续订的证书的侦听器,然后选择“续订或编辑所选证书”。Select the listener that has a certificate that needs to be renewed, and then select Renew or edit selected certificate.

续订证书

上传新的 PFX 证书,为其命名,输入密码,然后选择“保存”。Upload your new PFX certificate, give it a name, type the password, and then select Save.

Azure PowerShellAzure PowerShell

备注

本文已经过更新,以便使用 Azure Az PowerShell 模块。This article has been updated to use the Azure Az PowerShell module. 若要与 Azure 交互,建议使用的 PowerShell 模块是 Az PowerShell 模块。The Az PowerShell module is the recommended PowerShell module for interacting with Azure. 若要开始使用 Az PowerShell 模块,请参阅安装 Azure PowerShellTo get started with the Az PowerShell module, see Install Azure PowerShell. 若要了解如何迁移到 Az PowerShell 模块,请参阅 将 Azure PowerShell 从 AzureRM 迁移到 AzTo learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

若要使用 Azure PowerShell 续订证书,请使用以下脚本:To renew your certificate using Azure PowerShell, use the following script:

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName <ResourceGroup> `
  -Name <AppGatewayName>

$password = ConvertTo-SecureString `
  -String "<password>" `
  -Force `
  -AsPlainText

set-AzApplicationGatewaySSLCertificate -Name <oldcertname> `
-ApplicationGateway $appgw -CertificateFile <newcertPath> -Password $password

Set-AzApplicationGateway -ApplicationGateway $appgw

Azure CLIAzure CLI

az network application-gateway ssl-cert update \
  -n "<CertName>" \
  --gateway-name "<AppGatewayName>" \
  -g "ResourceGroupName>" \
  --cert-file <PathToCerFile> \
  --cert-password "<password>"

后续步骤Next steps

若要了解如何使用 Azure 应用程序网关配置 TLS 卸载,请参阅配置 TLS 卸载To learn how to configure TLS Offloading with Azure Application Gateway, see Configure TLS Offload