Merge Signed Request in Azure Key Vault with DigiCert Certificate Files

John Bryant 0 Reputation points
2023-07-19T15:55:54.47+00:00

We are attempting to renew an SSL certificate for our website. We utilize Azure Key Vault to store our SSL certificate, and it now needs to be renewed. In Key Vault, a new version of our certificate was created where the content type should be PKCS#12. The new Certificate Operation allows us to download the CSR.

This CSR was used to renew the SSL certificate on DigiCert. DigiCert provides a ZIP file containing three CRT files. In Key Vault for the Certificate Operation, there is an action to Merge Signed Request where a file must be uploaded. It is unclear which CRT file needs to be uploaded here. These three CRT files seem to be the primary domain certificate, the intermediate certificate, and the trusted root certificate.

Do all three files need to be merged and then uploaded to the Key Vault Certificate Operation? Can Notepad++ be used to paste the entire body of each certificate and save the file type as .p12?

Does OpenSSL need to be used to merge these three files first before uploading to the Certificate Operation? If so, the openssl pkcs12 -export command requires the -inkey parameter. None of the CRT files seem to be the private key, so the above command won't work in this case.

1 answer

  1. Akshay-MSFT 17,011 Reputation points Microsoft Employee
    2023-07-20T09:09:52.92+00:00

    @John Bryant ,

    Thank you for posting your query on Microsoft Q&A.

    From the above description, I understand that you have generated a CSR from Azure Key Vault and had it signed by the DigiCert CA. In response to the CSR, you received a full certificate chain (primary domain, intermediate and trusted root certificates), and now you are trying to merge the signed request.

    Please do correct me if this is not the case by responding in the comments section.

    Once the CSR is uploaded, kindly download the certificate chain as a .P7B file from DigiCert and upload it in Merge Signed Request, and Azure Key Vault will merge the entire chain.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
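
An added example (not part of the answer above, and not Microsoft's or DigiCert's own tooling): the private key for a Key Vault CSR stays in Key Vault, so the useful pre-merge check is that the CA's certificate carries the public key from that CSR; the CRT files can then be bundled into one P7B with OpenSSL. All file names and the throwaway demo CA are constructed, and the demo uses only a leaf and a root, although `make_p7b` accepts any number of certificates.

```sh
#!/bin/sh
# Added example. File names and the demo CA below are constructed.

# True only when the certificate carries the same public key as the CSR.
# Both inputs are expected in PEM form.
cert_matches_csr() {  # $1 = certificate, $2 = CSR
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$csr_pub" ]
}

# Bundle PEM certificates (leaf first, then the chain) into one PEM-encoded P7B.
make_p7b() {  # $1 = output file, remaining arguments = certificate files
  out=$1; shift
  # Rewrite the argument list as: -certfile a.crt -certfile b.crt ...
  for c in "$@"; do set -- "$@" -certfile "$c"; shift; done
  openssl crl2pkcs7 -nocrl "$@" -out "$out"
}

# Number of certificates contained in a P7B file.
p7b_cert_count() {  # $1 = P7B file
  openssl pkcs7 -in "$1" -print_certs -noout | grep -c '^subject'
}

# Constructed demo input: a throwaway root CA, a key and CSR standing in for
# the CSR downloaded from Key Vault, and a leaf certificate signed by the CA.
make_demo_files() {  # $1 = working directory
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out root.crt \
      -subj "/CN=Demo Root" -days 1 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout kv.key -out kv.csr \
      -subj "/CN=www.example.test" &&
    openssl x509 -req -in kv.csr -CA root.crt -CAkey ca.key -CAcreateserial \
      -out leaf.crt -days 1
  ) >/dev/null 2>&1
}

# Usage with real files (names are placeholders):
#   cert_matches_csr leaf.crt keyvault.csr &&
#     make_p7b chain.p7b leaf.crt intermediate.crt root.crt
```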