SSL Certificate is not found in /var/lib/waagent/ for Linux Azure VM
I am trying to add an SSL certificate for my website hosted in a Linux Virtual Machine. I added the certificate successfully doing this:
$certURL=(Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name $key).id
$vm=Get-AzureRmVM -ResourceGroupName $resourceGroup -Name $vmName
$vaultId=(Get-AzureRmKeyVault -ResourceGroupName $resourceGroup -VaultName $keyVaultName).ResourceId
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateUrl $certURL
Update-AzureRmVM -ResourceGroupName $resourceGroup -VM $vm
Then, I checked that the certificate was added successfully:
az vm secret list --name $vmName --resource-group $resourceGroup
[
{
"sourceVault": {
"id": "/subscriptions/...."
},
"vaultCertificates": [
{
"certificateStore": null,
"certificateUrl": "https://name.vault.azure.net:443/secrets/ssl/123456ABCDFG (example)"
}
]
}
]
However, when I check in /var/lib/waagent/, I can't find the certificate 123456ABCDFG. I don't know where it is?
I just followed the Tutorial: Secure a web server on a Linux virtual machine in Azure with SSL certificates stored in Key Vault. When you create a VM, certificates and keys are stored in the protected /var/lib/waagent/ directory.
In fact, the SSL certificate is referenced by the version ID in certificateUrl, the 123456ABCDFG is the CURRENT VERSION of your certificate in your key vault.
Check the Version
Check the certificate Thumbprint, the certificate is indeed there.
In addition, I validated your Powershell commands with az module, it also works on my side.
$certURL=(Get-azKeyVaultSecret -VaultName $keyVaultName -Name $key).id
$vm=Get-azVM -ResourceGroupName $resourceGroup -Name $vmName
$vaultId=(Get-azKeyVault -ResourceGroupName $resourceGroup -VaultName $keyVaultName).ResourceId
$vm = Add-azVMSecret -VM $vm -SourceVaultId $vaultId -CertificateUrl $certURL
Update-azVM -ResourceGroupName $resourceGroup -VM $vm
Edit
If you would like to run scripts developed for AzureRM module using Az module, use the Enable/Disable-AzureRmAlias cmdlets to add or remove aliases from AzureRM cmdlets to Az cmdlets. Refer to more details here. The AzureRm module will be retired, it's recommended to use the new Az module.
I test your old PowerShell commands as below:
- How to display only different rows using diff (bash)
- Why the first client seems to have source ip of 0.0.0.0?
- How to fix "cannot find -lxcb" error during cargo install?
- How to find the location of a specific "include" library in Python?
- Automate mysql_secure_installation with echo command via a shell script
- shell script: search and replace over multiple lines
- readelf -R (--relocated-dump) option
- Handling arbitrary arguments portably in AWK
- Copy Paste Command in Text Based Linux Server (No GUI)
- Possible values for `uname -m`
- Use grep to match a pattern in a line only once
- Bash command to check if Oracle or OpenJDK java version is installed on Linux
- Source code of linux init process
- execute a.out at a specific date/time on linux
- Regex for whitespace delimiter except for [ and ] characters
- The \w in PS1 cannot deal as string?
- Failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in Linux server
- sed command with -i option failing on Mac, but works on Linux
- Find out which thread/process is consuming CPU
- Display two files side by side
- production server can't pass npm run build
- Looking for a method to replace a PNG's transparent background with any other color in Linux without using ImageMagick
- Is there a way to look for a flag in a man page?
- How can I run several test files with Pytest?
- ibmcom/db2 docker image fails on m1
- Python [Errno 98] Address already in use
- How to make cargo use another path to compile instead of /tmp (No space left on device (os error 28))
- Fixing error: *** No rule to make target '/usr/lib/x86_64-linux-gnu/libdl.so'
- How do I access FastAPI URL from my docker application?
- Creating classes and objects using bash scripting