Cannot import base64 encoded certificate string using PowerShell and Bicep

David 71 Reputation points
2022-11-19T20:54:36.317+00:00

I have a self-signed PFX certificate that I can manually import into my Key Vault without any problems.

But I'm trying to import this certificate in Azure Key Vault with the Import-AzKeyVaultCertificate command using the -CertificateString parameter. But when I do that I get the following error:

Import-AzKeyVaultCertificate : The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format. Status: 400 (Bad Request)

I converted my PFX certificate into a Base64 string using PowerShell:

$fileContentBytes = get-content ".\myCert.pfx" -Encoding Byte  
[System.Convert]::ToBase64String($fileContentBytes) | Out-File ".\pfx-base64.txt"  

I then use that string in PowerShell like so:

$Secure_String_Pwd = ConvertTo-SecureString "MySecretPassword" -AsPlainText -Force;  
Import-AzKeyVaultCertificate -VaultName "MyKeyVault" -Name "cert-signing" -CertificateString "MIIJagIBAzCCCSYGCS.....9oV21QwICB9A=" -Password $Secure_String_Pwd;  

But this results in the error I showed earlier.

When I use -FilePath instead of -CertificateString then it also works without any problems. So I guess it is safe to assume that the certificate is good.

But why is it throwing an error when I use -CertificateString? What am I missing?


Accepted answer
  1. Shweta Mathur 27,456 Reputation points Microsoft Employee
    2022-11-22T05:45:27.773+00:00

    Hi @David ,

    Thanks for reaching out.

    Your understanding is correct, as this issue was identified as a bug; it has been fixed on our end and will be released next month.

    The release version will be 9.2 and will be available using deploymentScripts in a Bicep/ARM template after 12th December 2022.

    Hope this will help you.

    Thanks,
    Shweta

    ----------------------------------

    Please remember to "Accept Answer" if answer helped you.
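
A local check of the Base64 text before it is passed to -CertificateString, added here as an example and not part of the original question or answer. The helper name Test-PfxBase64 is hypothetical and the file names are the ones from the question. It confirms that the text decodes to the same bytes as the PFX file and that .NET can open those bytes as PKCS#12 with the password, which separates an encoding mistake from a failure on the cmdlet side.

```powershell
# Added example. Test-PfxBase64 is a hypothetical helper name.
function Test-PfxBase64 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $PfxPath,
        [Parameter(Mandatory)] [string]       $Base64Path,
        [Parameter(Mandatory)] [securestring] $Password
    )

    $pfxFull  = (Resolve-Path -LiteralPath $PfxPath).ProviderPath
    $pfxBytes = [System.IO.File]::ReadAllBytes($pfxFull)

    # -Raw reads the whole file as one string; Out-File appends a newline,
    # so strip all whitespace before decoding.
    $b64 = (Get-Content -LiteralPath $Base64Path -Raw) -replace '\s', ''

    try   { $decoded = [System.Convert]::FromBase64String($b64) }
    catch { throw "Text in '$Base64Path' is not valid Base64: $($_.Exception.Message)" }

    $result = [ordered]@{
        MatchesPfxFile = [System.Convert]::ToBase64String($pfxBytes) -ceq $b64
        DecodedLength  = $decoded.Length
        LoadsAsPkcs12  = $false
        HasPrivateKey  = $null
        Thumbprint     = $null
        Error          = $null
    }

    $cert = $null
    try {
        # Throws a CryptographicException on malformed PKCS#12 or a wrong password.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($decoded, $Password)
        $result.LoadsAsPkcs12 = $true
        $result.HasPrivateKey = $cert.HasPrivateKey
        $result.Thumbprint    = $cert.Thumbprint
    }
    catch   { $result.Error = $_.Exception.Message }
    finally { if ($cert) { $cert.Dispose() } }

    [pscustomobject]$result
}

# Prompt for the password instead of embedding it in the script.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Test-PfxBase64 -PfxPath '.\myCert.pfx' -Base64Path '.\pfx-base64.txt' -Password $pfxPassword
```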

