0
votes

The script below will generate a self-signed certificate, create a password secured pfx and add the certificate to the key vault. When I run the ARM template after the script, it fails with the error below. However, when I manually upload the pfx in the UI (Azure portal) and enter the correct password, the ARM template will get successfully deployed. Any ideas how to get this working?

PowerShell code (when uploading the generated pfx in the portal, no error is thrown):

# Generate the certificate in the local store ($certificateName is set earlier in the script)
$cert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -Subject "CN=$certificateName" -KeyExportPolicy Exportable

# Get the raw value of the certificate
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())

# Export the certificate and its private key to a password-protected PFX ($certPasswordSecure is a SecureString set earlier)
Export-PfxCertificate -Cert $cert -Password $certPasswordSecure -FilePath "d:/temp/SelfSigned.pfx"

# Wrap the base64 value as a SecureString and tag it as PKCS#12
$secret = ConvertTo-SecureString -String $keyValue -AsPlainText -Force
$secretContentType = 'application/x-pkcs12'

# Store the secret in the key vault (-SecretValue takes the SecureString, not the plain string)
Set-AzureKeyVaultSecret -VaultName $keyVaultName -Name $keyVaultSecretNameCertificate -SecretValue $secret -ContentType $secretContentType

The error:

New-AzureRmResourceGroupDeployment : 21:22:36 - Resource Microsoft.Web/certificates 'testCertificate' failed with message '{
  "Code": "BadRequest",
  "Message": "The parameter KeyVault Certificate has an invalid value.",
  "Target": null,
  "Details": [
    {
      "Message": "The parameter KeyVault Certificate has an invalid value."
    },
    {
      "Code": "BadRequest"
    },
    {
      "ErrorEntity": {
        "Code": "BadRequest",
        "Message": "The parameter KeyVault Certificate has an invalid value.",
        "ExtendedCode": "51008",
        "MessageTemplate": "The parameter {0} has an invalid value.",
        "Parameters": [
          "KeyVault Certificate"
        ],
        "InnerErrors": null
      }
    }
  ],
  "Innererror": null
}'
At line:3 char:1
+ New-AzureRmResourceGroupDeployment -Name TestKeyVaultDeploy -Resource ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

New-AzureRmResourceGroupDeployment : 21:23:11 - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations 
for details. Please see https://aka.ms/arm-debug for usage details.
At line:3 char:1
+ New-AzureRmResourceGroupDeployment -Name TestKeyVaultDeploy -Resource ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

New-AzureRmResourceGroupDeployment : 21:23:11 - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations 
for details. Please see https://aka.ms/arm-debug for usage details.
At line:3 char:1
+ New-AzureRmResourceGroupDeployment -Name TestKeyVaultDeploy -Resource ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

ARM Certificate Resource:

{
    "type": "Microsoft.Web/certificates",
    "name": "testCertificate",
    "apiVersion": "2016-03-01",
    "location": "[resourceGroup().location]",
    "properties": {
        "keyVaultId": "[parameters('masterKeyVaultId')]",
        "keyVaultSecretName": "[parameters('servicePrincipalCertSecretName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('appServicePlanName'))]"
    }
},
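The following is an added example, not the asker's script, showing the flow the question describes (generate locally, export a password-protected PFX, put it in Key Vault, deploy) in the form the portal's manual import produces. `GetRawCertData()` returns only the DER-encoded public certificate, so a secret built from it contains no PKCS#12 container and no private key; the example instead imports the PFX file itself with `Import-AzureKeyVaultCertificate`, which stores the certificate as a Key Vault certificate whose backing secret (same name as the certificate) has content type `application/x-pkcs12`. The vault name, certificate name and output path are placeholders, and the ARM parameter `servicePrincipalCertSecretName` from the template above is assumed to be set to the certificate name. After the upload it removes the local private-key copies and checks what was actually stored before any deployment runs.

```powershell
# Added example (not from the question or answer). Placeholder values:
$keyVaultName    = 'my-key-vault'      # placeholder: parameters('masterKeyVaultId') must point at this vault
$certificateName = 'testCertificate'   # placeholder: also the Key Vault secret name for the ARM resource
$pfxPath         = Join-Path $env:TEMP 'SelfSigned.pfx'

# Never hard-code the PFX password in the script; prompt for it as a SecureString.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# 1. Generate the certificate with an exportable private key in the user store.
$cert = New-SelfSignedCertificate -CertStoreLocation 'cert:\CurrentUser\My' `
    -Subject "CN=$certificateName" -KeyExportPolicy Exportable

try {
    # 2. Export certificate AND private key to a password-protected PFX (PKCS#12).
    Export-PfxCertificate -Cert $cert -Password $pfxPassword -FilePath $pfxPath | Out-Null

    # 3. Import the PFX as a Key Vault certificate, exactly as the portal's "Import" does.
    #    Key Vault stores a passwordless PKCS#12 copy as the backing secret, tagged
    #    application/x-pkcs12, which is what Microsoft.Web/certificates reads.
    $kvCert = Import-AzureKeyVaultCertificate -VaultName $keyVaultName -Name $certificateName `
        -FilePath $pfxPath -Password $pfxPassword
    Write-Host "Imported $($kvCert.Thumbprint); backing secret: $($kvCert.SecretId)"
}
finally {
    # 4. The private key now lives in Key Vault: remove the PFX file and the local
    #    store entry (including its key container) so no extra copies remain.
    if (Test-Path $pfxPath) { Remove-Item -Path $pfxPath -Force }
    Remove-Item -Path "cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey -Force
}

# 5. Verify the stored secret before running New-AzureRmResourceGroupDeployment:
#    correct content type, and a value that decodes to a PFX carrying a private key.
$stored = Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name $certificateName
if ($stored.ContentType -ne 'application/x-pkcs12') {
    throw "Secret '$certificateName' has content type '$($stored.ContentType)', expected application/x-pkcs12"
}
$pfxBytes = [System.Convert]::FromBase64String($stored.SecretValueText)
$check = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    $pfxBytes, '', [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet)
if (-not $check.HasPrivateKey) {
    throw "Secret '$certificateName' decodes to a certificate without a private key"
}
Write-Host "Secret '$certificateName' is a PKCS#12 container for $($check.Subject), private key present"
```

The verification step is the useful part when debugging the "KeyVault Certificate has an invalid value" error: if the stored value decodes but `HasPrivateKey` is false, the secret holds only a public certificate (the result of base64-encoding `GetRawCertData()`), and App Service cannot bind it. Keep the decoded `$check` object in memory only; do not write it back to disk.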

1 Answers

1
votes

Maybe you're missing the certificate policy on upload? But really, if you're generating new certs, then why bother generating the certificate locally; just generate it in the key vault itself.

# Sign in to Azure with the prompted credentials
$credential = Get-Credential
Login-AzureRmAccount -Credential $credential

$vaultName = 'my-vault-full-of-keys'
$certificateName = 'my-new-cert'

# Self-issued certificate policy: the private key is generated and kept inside Key Vault
$policy = New-AzureKeyVaultCertificatePolicy -SubjectName "CN=mememe.me" -IssuerName Self -ValidityInMonths 120

# Create the certificate in the vault; its backing secret carries the same name
Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certificateName -CertificatePolicy $policy