I have a self-signed PFX certificate that I can manually import into my Key Vault without any problems.
But I'm trying to import this certificate in Azure Key Vault with the Import-AzKeyVaultCertificate command using the -CertificateString parameter. But when I do that I get the following error:
Import-AzKeyVaultCertificate : The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format. Status: 400 (Bad Request)
I converted my PFX certificate into a Base64 string using PowerShell:
$fileContentBytes = get-content ".\myCert.pfx" -Encoding Byte
[System.Convert]::ToBase64String($fileContentBytes) | Out-File ".\pfx-base64.txt"
I then use that string in PowerShell like so:
$Secure_String_Pwd = ConvertTo-SecureString "MySecretPassword" -AsPlainText -Force;
Import-AzKeyVaultCertificate -VaultName "MyKeyVault" -Name "cert-signing" -CertificateString "MIIJagIBAzCCCSYGCS.....9oV21QwICB9A=" -Password $Secure_String_Pwd;
But this results in the error I showed earlier.
When I use -FilePath instead of -CertificateString then it also works without any problems. So I guess it is safe to assume that the certificate is good.
But why is it throwing an error when I use -CertificateString? What am I missing?
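
A local check that helps separate a damaged Base64 string from a problem on the cmdlet or service side, as an added example that is not part of the original question: it decodes the text intended for -CertificateString, compares it with the PFX bytes, and parses it as PKCS#12 with the same password. `Test-PfxBase64` is a hypothetical helper name, and the sample certificate is constructed inside the script.

```powershell
# Added example: Test-PfxBase64 is a hypothetical helper, not an Az cmdlet.
function Test-PfxBase64 {
    param(
        [Parameter(Mandatory)] [byte[]] $PfxBytes,       # bytes of the .pfx file
        [Parameter(Mandatory)] [string] $Base64,         # text meant for -CertificateString
        [Parameter(Mandatory)] [securestring] $Password
    )
    # Trim() removes the line ending Out-File appends; FromBase64String
    # throws a FormatException if any non-Base64 character remains.
    $decoded = [System.Convert]::FromBase64String($Base64.Trim())

    # Compare digests of the original file bytes and the decoded string.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $fileHash    = [System.BitConverter]::ToString($sha.ComputeHash($PfxBytes))
        $decodedHash = [System.BitConverter]::ToString($sha.ComputeHash($decoded))
    } finally { $sha.Dispose() }

    # Parse the decoded bytes as PKCS#12 locally, with the same password.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($decoded, $Password)
    try {
        [pscustomobject]@{
            Base64Length   = $Base64.Trim().Length
            BytesMatchFile = ($fileHash -eq $decodedHash)
            Thumbprint     = $cert.Thumbprint
            HasPrivateKey  = $cert.HasPrivateKey
        }
    } finally { $cert.Dispose() }
}

# Constructed sample input: a throwaway self-signed certificate exported as PFX.
$Secure_String_Pwd = ConvertTo-SecureString "MySecretPassword" -AsPlainText -Force
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            "CN=constructed-sample", $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$self = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(1))
$pfx  = $self.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $Secure_String_Pwd)

Test-PfxBase64 -PfxBytes $pfx -Base64 ([System.Convert]::ToBase64String($pfx)) -Password $Secure_String_Pwd

# For the files in the question (paths as given there):
# Test-PfxBase64 -PfxBytes ([System.IO.File]::ReadAllBytes("$PWD\myCert.pfx")) `
#     -Base64 (Get-Content -Raw ".\pfx-base64.txt") -Password $Secure_String_Pwd
```

If `BytesMatchFile` and `HasPrivateKey` are both true for the question's files, the string itself is a valid PKCS#12 encoding and the failure lies elsewhere in the import call.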