续订应用程序网关证书Renew Application Gateway certificates

在某种情况下,如果为 TLS/SSL 加密配置了应用程序网关,则需要续订证书。At some point, you'll need to renew your certificates if you configured your application gateway for TLS/SSL encryption.

可以使用 Azure 门户、Azure PowerShell 或 Azure CLI 续订与侦听器关联的证书:You can renew a certificate associated with a listener using either the Azure portal, Azure PowerShell, or Azure CLI:

Azure 门户Azure portal

若要从门户续订侦听器证书,请导航到应用程序网关侦听器。To renew a listener certificate from the portal, navigate to your application gateway listeners. 单击具有需要续订的证书的侦听器,然后单击“续订或编辑所选证书” 。Click the listener that has a certificate that needs to be renewed, and then click Renew or edit selected certificate.

续订证书

上传新的 PFX 证书,为其命名,输入密码,然后单击“保存” 。Upload your new PFX certificate, give it a name, type the password, and then click Save.

Azure PowerShellAzure PowerShell

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

若要使用 Azure PowerShell 续订证书,请使用以下脚本:To renew your certificate using Azure PowerShell, use the following script:

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName <ResourceGroup> `
  -Name <AppGatewayName>

$password = ConvertTo-SecureString `
  -String "<password>" `
  -Force `
  -AsPlainText

set-AzApplicationGatewaySSLCertificate -Name <oldcertname> `
-ApplicationGateway $appgw -CertificateFile <newcertPath> -Password $password

Set-AzApplicationGateway -ApplicationGateway $appgw

Azure CLIAzure CLI

az network application-gateway ssl-cert update `
  -n "<CertName>" `
  --gateway-name "<AppGatewayName>" `
  -g "ResourceGroupName>" `
  --cert-file <PathToCerFile> `
  --cert-password "<password>"

后续步骤Next steps

若要了解如何使用 Azure 应用程序网关配置 TLS 卸载,请参阅配置 TLS 卸载To learn how to configure TLS Offloading with Azure Application Gateway, see Configure TLS Offload