0
votes

I need to automate creating a keyvault and adding two certificates to the vault. I have one self-signed without a password and one wildcard cert signed from a valid authority.

When I try to import them, the signed cert gets added fine but the self-signed one returns an error...

    Import-AzureKeyVaultCertificate : Pending Certificate not found: cluster-app-primary
    At script.ps1:18 char:1
    Import-AzureKeyVaultCertificate -VaultName $name -Name 'cluster-app...
        + CategoryInfo          : CloseError: (:) [Import-AzureKeyVaultCertificate], KeyVaultErrorException
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.ImportAzureKeyVaultCertificate

The PowerShell code is as follows:

Import-AzureKeyVaultCertificate -VaultName $name -Name 'cluster-app-primary' -FilePath "..\..\Certificates\cluster-app-primary.pfx" 

Now the exact same command with the other certificate works fine (with a password though).

Also note that if I try and import the self-signed certificate through the Azure portal it works fine.

Does anyone know what this error means, and is there anything I can do to import this through PowerShell?

Thanks.

2
Any update on this issue? - Joy Wang-MSFT

2 Answers

0
votes

I think this issue is related to your self-signed cert; the command works fine on my side. Try to create a pfx certificate with a password like below, because when you import the certificate in the portal, it also asks for a password.

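$certroopath = "C:\Users\Administrator\Desktop"
$certname = "mycert1"
$certpassword = "P@ssw0rd1234"

# Create the self-signed certificate in the current user's store
$cert = New-SelfSignedCertificate -DnsName "$certname" -CertStoreLocation cert:\CurrentUser\My
# Named $securePassword rather than $pwd, which is a PowerShell automatic variable
$securePassword = ConvertTo-SecureString -String $certpassword -Force -AsPlainText
$certwithThumb = "cert:\CurrentUser\my\"+$cert.Thumbprint
$filepath = "$certroopath\$certname.pfx"
# Export the certificate and its private key to a password-protected PFX
Export-PfxCertificate -cert $certwithThumb -FilePath $filepath -Password $securePassword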


Then import it to azure keyvault, it works fine.

$mypwd = ConvertTo-SecureString -String "P@ssw0rd1234" -Force -AsPlainText
Import-AzKeyVaultCertificate -VaultName joykeyvault -Name testc1 -FilePath C:\Users\Administrator\Desktop\mycert1.pfx -Password $mypwd


0
votes

UPDATE

I could not get this to work so what I did was use the CertificateString parameter instead. I just took the string of the exact same certificate and it worked fine and imported it.

Import-AzKeyVaultCertificate -VaultName $name -Name $certName -CertificateString "MII..."
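
The -CertificateString workaround above, scripted end to end as an added example (not part of the original answer): it checks locally that the PFX opens without a password and contains a private key, base64-encodes the file, and passes it to the cmdlet in whichever type the installed Az.KeyVault module declares for that parameter. The function names and the vault name 'my-vault' are placeholders; an installed Az.KeyVault module and an authenticated session are assumed.

```powershell
# Added example: import a password-less PFX through -CertificateString.
# Function names and 'my-vault' are hypothetical placeholders.
function ConvertTo-PfxBase64 {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Load the file locally first: this throws if it is not a valid PFX
    # or if it is protected by a password.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)
    try {
        if (-not $cert.HasPrivateKey) {
            throw "No private key found in '$full'."
        }
    }
    finally {
        # Release the handle to the loaded certificate
        $cert.Reset()
    }

    # -CertificateString takes the PFX bytes as a base64 string
    [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($full))
}

function Import-PfxAsString {
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Path
    )

    $b64 = ConvertTo-PfxBase64 -Path $Path

    # Ask the cmdlet which type it declares for -CertificateString instead of
    # assuming one, and wrap the value only if a SecureString is expected.
    $cmd  = Get-Command Import-AzKeyVaultCertificate
    $type = $cmd.Parameters['CertificateString'].ParameterType
    if ($type -eq [securestring]) {
        $b64 = ConvertTo-SecureString -String $b64 -AsPlainText -Force
    }

    Import-AzKeyVaultCertificate -VaultName $VaultName -Name $Name -CertificateString $b64
}

Import-PfxAsString -VaultName 'my-vault' -Name 'cluster-app-primary' `
    -Path '..\..\Certificates\cluster-app-primary.pfx'
```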