We recently purchased an Azure App Service Certificate. I created a new Key Vault Store in the set up process for this certificate, and imported the certificate.
Now I'm trying to create a local copy of an App Service Certificate, using the PowerShell script provided here: https://blogs.msdn.microsoft.com/appserviceteam/2017/02/24/creating-a-local-pfx-copy-of-app-service-certificate/
However, I get an error:
Set-AzureRmKeyVaultAccessPolicy : Cannot find the Active Directory object '' in tenant 'my tenant id'. Please make sure that the user or application service principal you are authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet 'Get-AzureRmContext' is the current subscription's Azure Active directory. At C:\Projekt\Certificates\Azure\copyasc.ps1:22 char:1...
I'm not sure what else is relevant, but here's a few notes:
The username I'm sending into the failing Set-AzureRmKeyVaultAccessPolicy -UserPrincipalName [email protected] corresponds to the username of the only user I see in the default directory of Azure Active Directory.
This user's ObjectId is in the list of access policies for the keyvault (I see this by adding -Debug to the cmdlet that fails).
There are no keys in the keyvault. There is one (unmanaged) secret, the certificate.
Some threads mention stuff about AD applications. I'm not sure I understood what I read about these. Is this something I need to do when creating a keyvault?
Hope someone can help me? :)
#EXE#@<your AD name>. - Shui shengbao
Set-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceGroupName -VaultName $keyVaultName -ObjectId $userobjectid -PermissionsToSecrets get should work for you. - Shui shengbao
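The comment above suggests granting the access policy by object ID instead of by user principal name. The error in the question ("Cannot find the Active Directory object ''") is what Set-AzureRmKeyVaultAccessPolicy reports when the UPN lookup returns nothing; one common cause is that the signed-in account is a guest (external) user, whose UPN inside the tenant has the form alias_domain.com#EXT#@tenant.onmicrosoft.com rather than the e-mail address the person signs in with. Resolving the directory object first and passing its ID sidesteps that. No Azure AD application registration is needed for an interactive user doing this once; a service principal is only needed when the export runs unattended. The script below is an added example, not the original poster's copyasc.ps1 and not the script from the linked MSDN post. It assumes the AzureRm module is installed and Login-AzureRmAccount has already been run; the resource group, vault, secret name and UPN are placeholders; and, as in the linked post, it assumes the PFX stored by App Service Certificate in the vault has an empty password.

```powershell
# Added example (not the poster's script, not the MSDN blog script).
# Assumptions: AzureRm module loaded, Login-AzureRmAccount already done,
# and all values below are placeholders to replace with your own.
$keyVaultResourceGroupName = "my-resource-group"               # placeholder
$keyVaultName              = "my-keyvault"                     # placeholder
$secretName                = "my-appservice-cert-secret"       # placeholder: the secret name shown in the vault
$upn                       = "someone@contoso.onmicrosoft.com" # placeholder
$outputPath                = Join-Path $PWD "appservicecert.pfx"

# 1. Resolve the directory object instead of trusting the UPN string.
#    Guest users carry a UPN like alias_example.com#EXT#@tenant.onmicrosoft.com,
#    which is why -UserPrincipalName with the sign-in e-mail can come back empty.
$user = Get-AzureRmADUser -UserPrincipalName $upn
if (-not $user) {
    $user = Get-AzureRmADUser -SearchString ($upn -replace '@.*$', '') | Select-Object -First 1
}
if (-not $user) {
    $tenantId = (Get-AzureRmContext).Tenant.Id
    throw "Could not resolve '$upn' in tenant $tenantId; check Get-AzureRmADUser output for the exact UPN."
}
$userObjectId = $user.Id

# 2. Remember whether this object already had a policy, so we only clean up what we added.
$vault     = Get-AzureRmKeyVault -VaultName $keyVaultName -ResourceGroupName $keyVaultResourceGroupName
$hadPolicy = [bool]($vault.AccessPolicies | Where-Object { $_.ObjectId -eq $userObjectId })

# 3. Least privilege: only 'get' on secrets. No key or certificate permissions,
#    and no 'list'/'set'/'delete', since the export needs none of them.
Set-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceGroupName `
    -VaultName $keyVaultName -ObjectId $userObjectId -PermissionsToSecrets get

try {
    # 4. The App Service Certificate lives in the vault as an (unmanaged) secret whose
    #    value is the base64-encoded PKCS#12 blob, private key included.
    $secret   = Get-AzureRmKeyVaultSecret -VaultName $keyVaultName -Name $secretName
    $pfxBytes = [System.Convert]::FromBase64String($secret.SecretValueText)

    # 5. Parse it in memory first and check it really carries a private key,
    #    so a wrong secret name fails here rather than producing a useless file.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cert.Import($pfxBytes, "", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
    if (-not $cert.HasPrivateKey) { throw "Secret '$secretName' does not contain a private key." }
    Write-Host "Subject: $($cert.Subject)"
    Write-Host "Thumbprint: $($cert.Thumbprint)  NotAfter: $($cert.NotAfter)"

    # 6. Re-export under a password of your choosing so the file on disk is not an
    #    unprotected PFX; treat it like any other private key afterwards.
    $pfxPassword = Read-Host -AsSecureString -Prompt "Password for the local PFX"
    $protected   = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $pfxPassword)
    [System.IO.File]::WriteAllBytes($outputPath, $protected)
    Write-Host "Wrote $outputPath ($($protected.Length) bytes)"
}
finally {
    # 7. Do not leave standing access behind if the policy was added only for this export.
    if (-not $hadPolicy) {
        Remove-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceGroupName `
            -VaultName $keyVaultName -ObjectId $userObjectId
    }
}
```

If the account already appears in the vault's access policies (as in the question), step 3 simply overwrites that entry with a secrets-only "get" policy, so re-add any broader permissions you actually rely on after the export. Running the resolved object ID through -ObjectId is the same change the comment above proposes; the rest is the checking and cleanup around it.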