
At the moment I'm working in Azure with Azure Automation and an Automation account. For executing a runbook I want to authenticate with a service principal + certificate. Unfortunately I get the error message "The private key is not present in the X.509 certificate". I will use:

Add-AzureRmAccount -ServicePrincipal -Tenant xxx -ApplicationId xxx -CertificateThumbprint xxx

But with Login-AzureRmAccount and Connect-AzureRmAccount I get the same error message.

What have I done so far? Since I'm working in a big company, I can't use a self-signed certificate. Our team has created a .cer file and a .key (private key) file for me. After some testing I found out that I need something like this:

Example

Furthermore, I know that I can get this with a .pfx file, but this is not accepted by the other team, which will import the certificate to my service principal, since they only accept .cer files.

How can I get a .cer file with a public key included?

Thanks a lot!

How do you use the certificate file when working with Azure? Do you pass it into cmd line? – Oleg
Can you add your certificate (.cer or .pfx) in the shared resources in the automation account? – Nancy Xiong
@Oleg: Unfortunately, I don't know since I just pass the .cer file to a service team which does it for me. – Alex
@NancyXiong: I can add it but it will have no effect. Already tried that as well. – Alex

1 Answer


Your certificate needs to include the private key if you want to sign in with it, which, from the error message, appears to be missing. A certificate with the private key included should have a file name of ~.pfx. For reference, check the MS doco here: "Clients which sign in with the service principal also need access to the certificate's private key"
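
The difference the answer describes can be checked locally. The following is an added example, not part of the original question or answer: it shows that a .cer export and the key-bearing certificate in the store share a thumbprint, but only the latter reports `HasPrivateKey`. The throwaway self-signed certificate, the subject name `CN=sp-demo-constructed` and the helper `Test-CertHasPrivateKey` are constructed for the demonstration; it assumes Windows with the built-in PKI module and does not contact Azure.

```powershell
# Constructed demo: a throwaway self-signed certificate stands in for the
# company-issued one. Nothing here contacts Azure.
$ErrorActionPreference = 'Stop'

function Test-CertHasPrivateKey {
    # Hypothetical helper: list certificates with this thumbprint in the given
    # stores and report whether each one carries a private key.
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string[]] $Store = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')
    )
    foreach ($s in $Store) {
        Get-ChildItem -Path $s -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $Thumbprint } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $s
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

# 1. Certificate plus private key in the user's store: what the signing client needs.
$cert = New-SelfSignedCertificate -Subject 'CN=sp-demo-constructed' `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeyExportPolicy Exportable

# 2. Public part only, as a .cer file: what is attached to the service principal.
$cerPath = Join-Path $env:TEMP 'sp-demo-constructed.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# 3. Load the .cer back: same thumbprint, but no private key travels with it.
$publicOnly = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath

"Store copy : $($cert.Thumbprint)  HasPrivateKey = $($cert.HasPrivateKey)"
".cer copy  : $($publicOnly.Thumbprint)  HasPrivateKey = $($publicOnly.HasPrivateKey)"

# 4. The check to run on the machine that signs in, using the real thumbprint.
Test-CertHasPrivateKey -Thumbprint $cert.Thumbprint

# Clean up the demo certificate, its key and the exported file.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item -Path $cerPath
```

If `Test-CertHasPrivateKey` returns nothing or `HasPrivateKey = False` for the thumbprint passed to `-CertificateThumbprint`, the store on that machine holds only the public certificate.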