Cannot import base64 encoded certificate string using PowerShell and Bicep

David 31 Reputation points

I have a self signed PFX certificate then I can manually import into my Key Vault without any problems.

But I'm trying to import this certificate in Azure Key Vault with the Import-AzKeyVaultCertificate command using the -CertificateString parameter. But when I do that I get the following error:

Import-AzKeyVaultCertificate : The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format. Status: 400 (Bad Request)

I converted my PFX certificate into a Base64 string using PowerShell:

$fileContentBytes = get-content ".\myCert.pfx" -Encoding Byte  
[System.Convert]::ToBase64String($fileContentBytes) | Out-File ".\pfx-base64.txt"  

I then use that string in PowerShell like so:

$Secure_String_Pwd = ConvertTo-SecureString "MySecretPassword" -AsPlainText -Force;  
Import-AzKeyVaultCertificate -VaultName "MyKeyVault" -Name "cert-signing" -CertificateString "MIIJagIBAzCCCSYGCS.....9oV21QwICB9A=" -Password $Secure_String_Pwd;  

But this results in the error I showed earlier.

When I use -FilePath instead of -CertificateString then it also works without any problems. So I guess it is safe to assume that the certificate is good.

But why is it throwing an error when I use -CertificateString? What am I missing?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
772 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
4,952 questions
{count} votes

Accepted answer
  1. Shweta Mathur 15,066 Reputation points Microsoft Employee

    Hi @David ,

    Thanks for reaching out.

    Your understanding is correct as this issue was identified as bug and has been fixed from our end and would be released next month.

    The release version will be 9.2 and would be available using deploymentScripts in a Bicep/ARM template after 12th December 2022.

    Hope this will help you.



    Please remember to "Accept Answer" if answer helped you.

0 additional answers

Sort by: Most helpful