Using api to get private key of certificate from Azure Key Vault is different from .pfx file

Xinyi (Echo) Wen 0 Reputation points
2023-02-24T10:48:28.03+00:00

Hi I'm trying to retrive the private key of a certificate I stored in Azure Key Vault.
This is what my pfx file looks like:

Array
(
    [cert] => -----BEGIN CERTIFICATE-----
MIIELTCCAxWgAwIBAgIUJ3cxAHjVinLmd9mg2oruC25Z5EQwDQYJKoZIhvcNAQEL
BQAwgaUxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ
TWVsYm91cm5lMRgwFgYDVQQKDA9Td29vcCBBbmFseXRpY3MxFDASBgNVBAsMC0Rl
dmVsb3BtZW50MRIwEAYDVQQDDAlYaW55aSBXZW4xKzApBgkqhkiG9w0BCQEWHHhp
bnlpLndlbkBzd29vcGFuYWx5dGljcy5jb20wHhcNMjMwMjIwMjM1NzQ1WhcNMjQw
MjIwMjM1NzQ1WjCBpTELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIw
EAYDVQQHDAlNZWxib3VybmUxGDAWBgNVBAoMD1N3b29wIEFuYWx5dGljczEUMBIG
A1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNVBAMMCVhpbnlpIFdlbjErMCkGCSqGSIb3
DQEJARYceGlueWkud2VuQHN3b29wYW5hbHl0aWNzLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAKdmQ8E2aiIpczI2503ZCkEms3M4vCZ49PBUMuJ5
LMWVjL+rwTLh5vegz+/bCghTWWEvfBplnUM4X/byqkzs0AUpiEGuIY1uU/wesaVd
ChN3i1dBOefw3pem3hgpsOe/TDfKXExwK724yZ4FgYt97m6dxBymmYhmeH5/8MZZ
mL34yWzbThRr4pKKSMX5tghoD7mRX3IJXqctODMlbp98NJVbeCx/LlcfV0VG5irg
Oj0hqWvxHI/CpNnqPKpwSNPxrvrrpFAbAHswAZMRKYKLyhBZ3EL3TiWISL1evCPs
Y+/aIrKNvgdNvwsooiW8AD8MJ3bu5RzhIb3DfHYCdywuTesCAwEAAaNTMFEwHQYD
VR0OBBYEFAQmvD5734EIeDScuoaeCWiyC3qVMB8GA1UdIwQYMBaAFAQmvD5734EI
eDScuoaeCWiyC3qVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
ACzPbKswNkwS1AT7AWmDFiHcbgG7zCQwTGiQd0WRi0ttOjaLyFEGYjFtaDfxYTja
XhmhZdc9H2HRB8t1aiE+8rovYF2TFAKJoFBokL7xNDQYUITU2rqQVFq7l7V3D8Jc
z12g1BHI9EIyYNl09S5At5VMPZQ267Ewvao7R/eOkD/aXmgByjX3ZJ3o0o1JgwC6
qcvoTWKz4QsOGdSwNOsY+FaG5jVQ3BP1DZHHXc8b3ehE0NnTF/VYveTmXKVun7MO
ANZasGI5rUdzsKE3mbKrttITt1dYpjlRa+5D5nIFY4oprmKSXRlvPjCkpQr4MO2U
pSblxKhYIRxY2F4hcjSqowQ=
-----END CERTIFICATE-----

    [pkey] => -----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCnZkPBNmoiKXMy
NudN2QpBJrNzOLwmePTwVDLieSzFlYy/q8Ey4eb3oM/v2woIU1lhL3waZZ1DOF/2
8qpM7NAFKYhBriGNblP8HrGlXQoTd4tXQTnn8N6Xpt4YKbDnv0w3ylxMcCu9uMme
BYGLfe5uncQcppmIZnh+f/DGWZi9+Mls204Ua+KSikjF+bYIaA+5kV9yCV6nLTgz
JW6ffDSVW3gsfy5XH1dFRuYq4Do9Ialr8RyPwqTZ6jyqcEjT8a7666RQGwB7MAGT
ESmCi8oQWdxC904liEi9Xrwj7GPv2iKyjb4HTb8LKKIlvAA/DCd27uUc4SG9w3x2
AncsLk3rAgMBAAECggEAeq07IjFafkaaIUaTJD3WggB2qg399MPX3PgXglkDMply
WFTqdPuQZBD50fFX3NoYOlyuOjoVkdmSmksj+tPhbqcNL/UIqbkc2zszPNh+Nd35
w6wNX6jpt4GWaWbEOlG67XfjRDFAHP16489tLGjRf0cnHUgKZCeUTkA8l1+5zB2C
oQ5nEhG4Ps6wnNkz5BSna3pygfv0FlwlV4oij6vT09kMz4TKz0Tkfipze8AJX6Gi
hG2w87JYiu7Z2IQq04dcl5ydMgOuwYgZ1MaPsE9l/3bAkLLLQfa9skfkMcCHaFiO
gvaRHm0Amk5EVXAg/wV0Pp/uJs15+TLZ7LVX0YuBAQKBgQDcLQdcBu2PmcEx9DfH
NQBqvWTbk+gannzlnDL+0V6XUmt/59x1nXx7s5zwed5GLVan9wKTv2mqDQBAb7a6
o/daVJ5ChqAY6dVxQ0AcH6JjN0NhnWXqDTinyTprftzKVb2idvd+czA+VJRc8e2B
/2a7fEZ5b58JpvmNCkrQ5kthYQKBgQDCovF5aqPmh+sZW+hDkcws11JI/5czsJbu
VyheDniCCVLaRD5Jqg1bWaNiVLu816OX3VxEBna4l51waQteAPmVcwTi+kdpFfRa
0B+o8xwcotJ3HEPIfbPcLXySAYEmH5SQoY8a/JOKWptbKhpnZatquIUAoZ5zu7kN
w0PPbaHWywKBgEGhDnOJASDv1N2eDU5M5y3p/HlTMjlVCqeqkqzQHeD/SVnb9CP+
6I8678nimbXTZ+QzRcpioQ12SJ/sbMxfeaisVmxAEtK6SMw1HpQDffUTEPu03h8R
B9VDry1BqHCLdDZMPeOsVDIQJhU6a/B2/9lc5ujls8M9yV8YNUrlioyhAoGAdTP5
hMuadq9R+qtFaarZ8AaZHiwKuK2VtV/2huzf1C4ZHiYJ/AHSmTeZExVDF6wibsh1
TuE1jGKAA7i9h5W+tSfVwXhEmBsIUccRyYLbYsMJSYBTsN9A90zMvn75biOGKrGe
ovmFPsLg2jy4OZsXZeRG8uJfsAFSpd73bmjuE5ECgYAJY80TLNlBfc8vII6QKeY8
pwG6NXXI0NoqaqkY6pS6jVcfNvfcHisWyN04lOldzle2TPjlyHE60fXUjxKu2kFO
JjBJidaElwZgS6svD4sonWGo8oW1dRjTz8gS2AoEk7JDGdOkzA//sZPQFyh1Thw8
zRq7RCpSOHIgEuKQh+RV4g==
-----END PRIVATE KEY-----

)

By using this api GET {vaultBaseUrl}/certificates/{certificate-name}/{certificate-version}?api-version=7.3

I'm able to get this response:

[cer] => MIIELTCCAxWgAwIBAgIUJ3cxAHjVinLmd9mg2oruC25Z5EQwDQYJKoZIhvcNAQELBQAwgaUxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMRgwFgYDVQQKDA9Td29vcCBBbmFseXRpY3MxFDASBgNVBAsMC0RldmVsb3BtZW50MRIwEAYDVQQDDAlYaW55aSBXZW4xKzApBgkqhkiG9w0BCQEWHHhpbnlpLndlbkBzd29vcGFuYWx5dGljcy5jb20wHhcNMjMwMjIwMjM1NzQ1WhcNMjQwMjIwMjM1NzQ1WjCBpTELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlNZWxib3VybmUxGDAWBgNVBAoMD1N3b29wIEFuYWx5dGljczEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNVBAMMCVhpbnlpIFdlbjErMCkGCSqGSIb3DQEJARYceGlueWkud2VuQHN3b29wYW5hbHl0aWNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdmQ8E2aiIpczI2503ZCkEms3M4vCZ49PBUMuJ5LMWVjL+rwTLh5vegz+/bCghTWWEvfBplnUM4X/byqkzs0AUpiEGuIY1uU/wesaVdChN3i1dBOefw3pem3hgpsOe/TDfKXExwK724yZ4FgYt97m6dxBymmYhmeH5/8MZZmL34yWzbThRr4pKKSMX5tghoD7mRX3IJXqctODMlbp98NJVbeCx/LlcfV0VG5irgOj0hqWvxHI/CpNnqPKpwSNPxrvrrpFAbAHswAZMRKYKLyhBZ3EL3TiWISL1evCPsY+/aIrKNvgdNvwsooiW8AD8MJ3bu5RzhIb3DfHYCdywuTesCAwEAAaNTMFEwHQYDVR0OBBYEFAQmvD5734EIeDScuoaeCWiyC3qVMB8GA1UdIwQYMBaAFAQmvD5734EIeDScuoaeCWiyC3qVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACzPbKswNkwS1AT7AWmDFiHcbgG7zCQwTGiQd0WRi0ttOjaLyFEGYjFtaDfxYTjaXhmhZdc9H2HRB8t1aiE+8rovYF2TFAKJoFBokL7xNDQYUITU2rqQVFq7l7V3D8Jcz12g1BHI9EIyYNl09S5At5VMPZQ267Ewvao7R/eOkD/aXmgByjX3ZJ3o0o1JgwC6qcvoTWKz4QsOGdSwNOsY+FaG5jVQ3BP1DZHHXc8b3ehE0NnTF/VYveTmXKVun7MOANZasGI5rUdzsKE3mbKrttITt1dYpjlRa+5D5nIFY4oprmKSXRlvPjCkpQr4MO2UpSblxKhYIRxY2F4hcjSqowQ=

which is exactly same value as my .pfx file.

But when I use this api GET {vaultBaseUrl}/secrets/{secret-name}/{secret-version}?api-version=7.3

the response I got

stdClass Object

(

    [value] => MIILLgIBAzCCCuoGCSqGSIb3DQEHAaCCCtsEggrXMIIK0zCCBgQGCSqGSIb3DQEHAaCCBfUEggXxMIIF7TCCBekGCyqGSIb3DQEMCgECoIIE9jCCBPIwHAYKKoZIhvcNAQwBAzAOBAiZ1yjcyIQa6AICB9AEggTQg2JDT26AQapv9kzoj9dLuWq9mfzJcQyqa20eE9N9BoBvWSZ+XkXKutfsdtOz9Dl5ChHrHa0OK3cXUmJFgLBwyh6MkwpS/FXBuPxx8w/zmTHcdFfFo8pjLcQ0xABFZhHjmmQo36YtP09UXaqF4dgwH+ZlnqYZn0jGa9fiT+xERtmMXRB7S7JthUg5fJaJ9A36FgOfnGwqE3v4w/kJS+Xj9CY6UZOQoxRNwjLfLb1lWflFu4ofshLI3crfZzAwPoQj8nGwXtVUcCSE4MdXi0LzdMi+NVALvG1t/AjMKYiJRXJi14Nk1McIloQdFwjyGLdb/+ok1ehKKDWTxfyOXpFwfxkybDf7ClUuvR+Pvd5hN3TZR5+ZMGwFce4KuDSD6FAL2icjKo8TgzRvf9Ped/zDnhg4cD0xYlPO71LtFumus1o6lXbdWJsHU+yfxyyMbT6nSEWMfgpJJNY08Civ2YXR37cKbaZM7IxZcoE09z020djafkhBfO4lddUQRv/z1nuOJhMNtVxe96EhLFnXwh2Y5wYPFyrk2ext56rxmEcchjuqrbXrHdb7Mo426okgPYjV4yOweE/xINmVjbjiEmnnUfFZjfOjMZtKGliYsv7MNHH4J0cjjHQ+cKEUu9H6Ei57TIzvMLqPNkhZfqC2LRUWmLr4txrBbwx07EAmNgXg458RrLdk8ronBtzAPH5YV6s2N9aLai/1OUXISynYTpAZ1bzagAZTDJkaPmiUhKv/jqI12UwvOSx81PI8kJ/Q7QEhl3TkB8x0nRMKaX2Fm5siIsjLySFUamZN72b8Z4bs4Iwd+/+K/3bl9PPru1pI4le6SVPEcD0tctWd5u1RE3HZAR9Z3vpG0K4kBNOkxWtvKW0CzZ2AKDwe9zlsnOc7YX8ajfVcclehejgAzDbAxjlG33PnwAswrGh6McNFs6olFD0B61Q3fZpFIloEtyF1KRLulkI8gNFd/s2IoOS1FCMhqibKVt8UW7O4KSBOoRSCEKGu4vz2BLKQ37VN5hXRczgimm8oSLQsHDlG2fyz0bHpZ2pw+v9FtU1bwA/+Dd6eJJu4O9Yqn4P5Wvo02cviMLfCSJfZJ0J443n84hiI09pYGH2UGR2N2+7QXyuRA+AzzT90MteL4A/k3Nj5LUOcVxZjTKIy5DsC1WjtKMcSujCFa+fZeGMkanWHAuBUG+cWwDDor08J8INZU4VfJzMMZFh7U0p85h/bk5uy5wiikFikie91Kzp/mcsPfv3HlTUWIhEYF7/eKTyoi79zWYkeu4JA3UIK1RWMSEjQD4jfa4iZKNhQjLZ5DhTNkFr+NsZmzh/YCGrv7LZCANeLbFBnVpbz7iuv8npioZ5g29j2s2kgAxwYAo2DIlo8WwFVmcDLmZPVGMe28YSH9EA9CoeaOP8RpIw8yNfZwSBC7mk7+hcwYxokCqRF6ppSUtdS3DpPy/pXgr1dBqYdsWWsgPi4e77zFw1mHTY6EAA5+PSc5VsvPu+Kua6ssZTOomnPHamH7q+yPf6iy/w+hjE4t1NHWRtlzwm2xQ2+SxEqv2rBIVNUSq9gZp9xSPG35OEJphlRfjL0Hz4lfRNHC8HyOchCt32NAOSwXaDURSWTu5CRAdyKK4S770idP2gD5IKZnkGoER4xgd8wEwYJKoZIhvcNAQkVMQYEBAEAAAAwWwYJKoZIhvcNAQkUMU4eTAB7ADkARQA1ADAAMgA5ADUANgAtAEQAQQA2ADgALQA0ADgAMgBGAC0AQQBCADEAMAAtADUANAA0ADEAQwAwADUAOQAyADkANwAyAH0wawYJKwYBBAGCNxEBMV4eXABNAGkAYwByAG8AcwBvAGYAdAAgAEUAbgBoAGEAbgBjAGUAZAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAIAB2ADEALgAwMIIExwYJKoZIhvcNAQcGoIIEuDCCBLQCAQAwggStBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAg/U3J4K1CSywICB9CAggSA6Wu6FrJq3P1V4Pl/w6UrXWRQfmcWn0jNeriDWSCQqPd2QYcpTBliAk8fG1FwyO9cd3qo/ZwqWaMxrJUPmm92WfDFUqWdc4KL3Rb8sZ9WeJUonCXwX3s4qY6PiP2CRRt709HUwSAyiQ7HuDXCJF1WU2toUnM+AG+bB1zKjaQrRYlBu6i/1xMVp6ObbfxOd4DilxiRqpKVUcAn4WuAYD4RBeOVJs73GGd2LHiiIcJLAyM9IopPnttzzoIsthBKmtdFf5SoUNu7e+v0DbERFVEX5UQs8MQbFErOTAAP0HMtKQt0Z/bgTjVwVGzOjgRqPbM/gb6CxeTLIRPXGSgy+T8JG1vOHZt/0uDlQqSQRm6FXOoodTRyYL1uS+56MU3xB6qBZU/pfCz5qXTu0eBj7WXlwVDSY99tJ1UKcO/RfYbxWX91Z3ne06gSi/ZL94vDssThZRQ/z+PTohyK0BexV6w8rmnkvZ/dJ3eVBdx/oCnNOdhfFSBkk42LFJENas6wd8EWt8GL8/SSZgfgB/kkTOSovn5jzAt3+g/6MQvP9oPuOkFbkcilonPtrLlTrUITGvjq5zG6MxIiQkma+NHZw5bxr69MRgwcG4iS5muzWu/YYofU1lHdAU2bnnohmyZcOlrbrRweX8MpYeluCylCOyrIZTBx4MXWrkXJ2hBPlovdAzPQ+3GrGonZXTM0i6UFsose6NL2ly8J1bYmtZszwMO7h5FnfIA6dFwokHEPz1SMCc53paSjKzwRdyIH5dqBMVmtlHLFSSnkBcVKnVfUBV/2FSk4rTq450tQLOiTvcAJpo/EU5ckolD50tNZlhaCJYpQYRKqoPPN6F9WZdasEl4Ht63vNa9rFBRqCzpSyrnbmHxMSclNBm2JgjQ0e+1nlx4Wkf65TRknBTI49cP0GQbNxLqrBGlKv6uMZ+xbYStGg92CIDoHle3XDd9E01LcNtqGjb+DGgucpLVE+WuMcVcZ/BBMm8TI7FnrJKMtOIlgu+ZGcxjP2x5tpC/GF7nYQXPo9fuF3mX5xT1jrlapoLlJRSRxpXgshvL8Nq3h3vmSh8GBjkge2050lntZCrkE2Mk55SSCN1Fspv5IYSKh8vN8qH4k3oo+5gq7vdBJD4ATmUlGaL4laMfOGfoQPYc717f4qCig10UoFjm27qCyg76t6Hn4v8lLtjg2ZCPI3vDu9rxRKNWxsL8fEfqN1FhKzKD/ivbB41v1wa/U1O14O65Go7i7OY3PI9sU+uPG/FeLI2gTHawHrPWZSRTSlOqzOggVGKFXe+5AL1+o0AYPWyHbd579gXlWm3TrmsF1+UiRI5MFinotYhISC4vsGm8fijsYSKDAUeB/aQWfLZchnAsmqCutxO2jMUUqyfmyVP1G1wlLdvUoSNWO5J2H2CuezPLoKNODEEcAtGgqjMO+e6LPuJh4C3WS82Wr7Ca4OR1RrWtfT95m2lNpQfBqgOo49FyMALCCC+OLgn1ALQRdoFWrRk8WPZZg+QOWwRjaZKcgm+hddcfwu9sVxkQdmMxc8m+cMDswHzAHBgUrDgMCGgQUC8vuPtrF/3FGZdAITVmeWeEpOncEFEa7qqYs55cJnFe2nePw9M+CPBJ6AgIH0A==

    [contentType] => application/x-pkcs12

    [id] => https://my-keyvault.vault.azure.net/secrets/my-cert-name/e0d55d63183d4eb395365f9f0ed7a054

    [managed] => 1

    [attributes] => stdClass Object

        (

            [enabled] => 1

            [nbf] => 1676937465

            [exp] => 1708473465

            [created] => 1677126687

            [updated] => 1677126687

            [recoveryLevel] => CustomizedRecoverable+Purgeable

            [recoverableDays] => 7

        )



    [kid] => https://my-keyvault.vault.azure.net/keys/my-cert-name/e0d55d63183d4eb395365f9f0ed7a054)

The value is different from my .pfx file, although it says x-pkcs12 format.
Could you please tell me why the value of private key is different and how can I transfer it to the value in .pfx file?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,102 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 27,216 Reputation points Microsoft Employee
    2023-02-28T08:08:16.1+00:00

    Hi @Xinyi (Echo) Wen ,

    Thanks for reaching out.

    I understand you are trying to get information about the certificate and secret of Azure Key Vault using API.

    Both the APIs are expected to return JSON response to give the information about certificate.

    It seems in your scenario API GET {vaultBaseUrl}/certificates/{certificate-name}/{certificate-version}?api-version=7.3 is not returning correct response which is expected to return same response as GET {vaultBaseUrl}/secrets/{secret-name}/{secret-version}?api-version=7.3

    Could you please check the request to get certificate details once again?

    Reference: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/get-certificate/get-certificate?tabs=HTTP

    https://learn.microsoft.com/en-us/rest/api/keyvault/secrets/get-secret/get-secret?tabs=HTTP

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.