Troubleshooting "The specified X.509 certificate content is invalid" Error When Importing to Azure Key Vault

Harmanjeet Singh Deol 0 Reputation points
2024-10-17T04:17:38.08+00:00

I encountered the error "The specified X.509 certificate content is invalid. Error: One or more X.509 properties are invalid." while attempting to import a certificate from Cybersource into Azure Key Vault.

The command used was:

az keyvault certificate import --vault-name $keyvaultName --name "Facade-CyberSourceClientCertificate" --file "C:\Users\XXXXX\Downloads\wpay_portfolio.pfx" --password "XXXXXXXXXX"

The error returned does not specify what is wrong, even though the certificate imports successfully on my local machine.


Using the certutil command, I checked the certificate with:

certutil -dump Downloads/wpay_portfolio.pfx

The output of the above is:

Certificates: Not Encrypted
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: 33323639303436323233383030313638363236323230
Issuer: CN=CyberSourceCertAuth
 NotBefore: 5/06/2021 6:58 AM
 NotAfter: 5/06/2025 6:58 AM
Subject: CN=CyberSourceCertAuth
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 48e7f4e2cca3dae258b2817d5ca65aa86f4925b9
----------------  End Nesting Level 1  ----------------
No key provider information
Cannot find the certificate and private key for decryption.
================ Certificate 1 ================
================ Begin Nesting Level 1 ================
Element 1:
Serial Number: 31363930333939323936343131303138373234333033
Issuer: CN=CyberSource Transactional Test Issuing CA, OU=CyberSource, O=Visa, C=US
 NotBefore: 27/07/2023 6:21 AM
 NotAfter: 27/07/2026 6:21 AM
Subject: SERIALNUMBER=1690399296411018724303, CN=CyberSource_SJC_US
Non-root Certificate
Cert Hash(sha1): 73cb7e8c2cf9f9e33983aa3e621a96fbcb542342
----------------  End Nesting Level 1  ----------------
No key provider information
Cannot find the certificate and private key for decryption.
================ Certificate 2 ================
================ Begin Nesting Level 1 ================
Element 2:
Serial Number: 37323930333636373534383630313737303431343939
Issuer: CN=CyberSourceCertAuth
 NotBefore: 16/10/2024 10:57 AM
 NotAfter: 16/10/2026 10:57 AM
Subject: SERIALNUMBER=7290366754860177041499, CN=wpay_portfolio
Non-root Certificate
Cert Hash(sha1): a9b9d076ffaf3fc5b2c7c0e95c6a3bb5991d99bb
----------------  End Nesting Level 1  ----------------
  Key Container = PfxContainer
  Provider = PfxProvider
Encryption test FAILED
CertUtil: -dump command completed successfully.

What are the recommended steps to diagnose and resolve this issue when importing a certificate into Azure Key Vault?

Azure Key Vault

1 answer

  1. Givary-MSFT 32,991 Reputation points Microsoft Employee
    2024-10-17T06:25:23.25+00:00

    @Harmanjeet Singh Deol Thank you for reaching out to us. After reviewing the certutil dump details which you shared above, I see from the output that the encryption test failed (last few lines).

    What is the key usage of this certificate? What I understand from the encryption test failure is that there is an issue while exporting the private key.

    I would recommend running this command: certutil -repairstore, which repairs a key association or updates certificate properties.

    Let me know if you have any further questions, feel free to post back.
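
An added example, not part of the question or the answer above: a small Python parser that summarizes certutil -dump output per certificate, reporting which entry carries a private key container, the encryption test result, and whether each issuer is also present in the bundle. The sample input is an abridged copy of the dump posted in the question; the name summarize_dump and the result field names are assumptions of this example.

```python
import re

# Abridged copy of the certutil -dump output posted in the question above.
SAMPLE_DUMP = """\
================ Certificate 0 ================
Issuer: CN=CyberSourceCertAuth
Subject: CN=CyberSourceCertAuth
No key provider information
Cannot find the certificate and private key for decryption.
================ Certificate 1 ================
Issuer: CN=CyberSource Transactional Test Issuing CA, OU=CyberSource, O=Visa, C=US
Subject: SERIALNUMBER=1690399296411018724303, CN=CyberSource_SJC_US
No key provider information
Cannot find the certificate and private key for decryption.
================ Certificate 2 ================
Issuer: CN=CyberSourceCertAuth
Subject: SERIALNUMBER=7290366754860177041499, CN=wpay_portfolio
  Key Container = PfxContainer
  Provider = PfxProvider
Encryption test FAILED
CertUtil: -dump command completed successfully.
"""

def summarize_dump(text):
    """Return one dict per certificate found in certutil -dump output."""
    certs = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"=+ Certificate (\d+) =+$", line)
        if m:
            certs.append({"index": int(m.group(1)), "subject": None, "issuer": None,
                          "has_key": False, "encryption_test": None})
        elif not certs:
            continue  # skip preamble lines before the first certificate
        elif line.startswith("Subject:"):
            certs[-1]["subject"] = line.split(":", 1)[1].strip()
        elif line.startswith("Issuer:"):
            certs[-1]["issuer"] = line.split(":", 1)[1].strip()
        elif line.startswith("Key Container ="):
            certs[-1]["has_key"] = True  # this entry has an associated private key
        elif line.startswith("Encryption test"):
            certs[-1]["encryption_test"] = line.split()[-1]
    subjects = {c["subject"] for c in certs}
    for c in certs:
        # True when the issuing certificate is also present in the bundle.
        c["issuer_in_bundle"] = c["issuer"] in subjects
    return certs

if __name__ == "__main__":
    for c in summarize_dump(SAMPLE_DUMP):
        print(c)
```

On the posted dump this shows that only Certificate 2 (CN=wpay_portfolio) has a key container, that its encryption test result is FAILED, and that Certificate 1's issuer is not among the certificates in the file.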

