Import Certificate to key vault using azure cli

  • Question

    I'm using the command: az keyvault certificate import --vault-name keyvault_name -n certificate_name -f file to import a certificate to key vault.

    But it shows the error message "Private key is not specified in the specified X.509 PEM certificate content. Please specify private key in the X.509 PEM certificate content."

    Please let me know if anyone has solved this issue.



    Friday, October 11, 2019 5:39 AM

Answers

  • Prabhakar Malipatil, I tested this out and I used the following CLI commands to create a .pem cert for a Service Principal:

    $service_principal = $(az ad sp create-for-rbac --create-cert)

    $cert_file = $(echo $service_principal | jq .fileWithCertAndPrivateKey -r)

    and then used the following cli cmdlet to upload/import the .pem cert to the KeyVault:

    az keyvault certificate import --vault-name vaultname -n cert_name -f cert_file

    This works perfectly fine.

    If the .pem certificate still fails, then make sure the PEM is in the correct format. You can create a self-signed cert using OpenSSL:

    openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certout.pem
    cat certout.pem key.pem > certfile.pem

    The generated certfile.pem looks like:

    -----BEGIN CERTIFICATE-----
    MIID2TCCAsGg...
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADAN...
    -----END PRIVATE KEY-----
    

    Then it can be uploaded successfully.

    az keyvault certificate import --file certfile.pem --name mycert1 --vault-name xxx

     



    Friday, October 11, 2019 9:07 AM
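
The following pre-flight check is an added example, not part of the original answer: it confirms that a bundle has the certificate-plus-private-key layout shown above and that the key actually belongs to the certificate before the file is handed to `az keyvault certificate import`. The function names and return codes are illustrative assumptions, and the key comparison relies on the `openssl` CLI being installed.

```sh
#!/bin/sh
# Added example: pre-flight check for a PEM bundle before running
# `az keyvault certificate import`. Function names are illustrative.

# pem_count FILE LABEL: print the number of "-----BEGIN LABEL-----" lines.
pem_count() {
    grep -c -- "^-----BEGIN $2-----" "$1" || true
}

# check_bundle FILE
#   0 = CERTIFICATE block plus unencrypted PRIVATE KEY block (layout shown above)
#   1 = file unreadable          2 = no CERTIFICATE block
#   3 = no private key block at all (the condition the error message describes)
#   4 = key present under another label (e.g. RSA or ENCRYPTED PRIVATE KEY)
check_bundle() {
    [ -r "$1" ] || return 1
    [ "$(pem_count "$1" CERTIFICATE)" -ge 1 ] || return 2
    [ "$(pem_count "$1" 'PRIVATE KEY')" -ge 1 ] && return 0
    grep -q -- '^-----BEGIN .*PRIVATE KEY-----' "$1" && return 4
    return 3
}

# key_matches_cert FILE: 0 if the private key belongs to the first certificate
# in FILE (public keys compared), 1 on mismatch, 2 if openssl cannot parse it.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight FILE: 0 only when both checks pass; otherwise print the reason.
preflight() {
    _rc=0
    check_bundle "$1" || _rc=$?
    if [ "$_rc" -ne 0 ]; then
        echo "$1: bundle layout check failed (code $_rc)" >&2
        return "$_rc"
    fi
    if ! key_matches_cert "$1"; then
        echo "$1: private key does not match certificate, or openssl failed" >&2
        return 5
    fi
}

# Usage: sh preflight.sh certfile.pem && az keyvault certificate import ...
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

A return code of 3 corresponds to importing `certout.pem` alone instead of the concatenated `certfile.pem`.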

All replies

  • Prabhakar Malipatil, I wanted to touch base with you to check if the above response helped in answering your queries or not. If not, do let us know the queries that are still there around this issue, so that we can help you better.

    In case, the above response helped in answering your query, please mark the response above as "Answer", so that it helps others too.

    Tuesday, October 15, 2019 5:03 AM
  • Prabhakar Malipatil, I wanted to touch base with you to check if the above response helped in answering your queries or not. If not, do let us know the queries that are still there around this issue, so that we can help you better.

    In case, the above response helped in answering your query, please mark the response above as "Answer", so that it helps others too.

    Monday, October 21, 2019 4:51 AM