Create a certificate on Azure Keyvault with EV Code Sign Cert from GlobalSign

Question

Create a certificate on Azure Keyvault with EV Code Sign Cert from GlobalSign

Juhun Lee 0

Hello,

I am trying to create a certificate on Azure Keyvault with EV Code Sign Cert from GlobalSign.

I followed the steps but the "Merge Signed Request" button is not clickable at all.

GlobalSign support couldn't figure out why this is happening. Any suggestions/ideas to this issue?

Thank you!

User's image

JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator

2023-07-25T18:51:36.81+00:00

@Juhun Lee

Thank you for your detailed post!

I understand that you're trying to create a Certificate within the Azure Key Vault with an EV Code Signing certificate from GlobalSign but when trying to select the Merge Signed Request button you aren't able to.

Based off the screenshot that you shared, it looks like your GlobalSignEVCertitificate has already completed which could be the reason why you aren't able to Merge the signed request. However, to gain a better understanding of your issue can you share the documentation that you're following?

Any additional information would also be greatly appreciated.

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
Juhun Lee 0 Reputation points

2023-07-25T19:04:45.76+00:00

@JamesTran-MSFT Hi James! Thank you so much for your attention to my issue.

I did all creation processes with GlobalSign tech support so I guess there wasn't any mistake during the process. It wasn't really completed because I couldn't even click the merge button. The GlobalSign person said that that button should be enabled and I was supposed to click to complete the process.

When our team run the pipeline with signing tool, we get an error like "root certificate is not trusted by the trust provider" and windows defender still blocks our installer file. The GlobalSign person thinks this is because the merge process hasn't gone through properly.

Do you have any idea what I did wrong? or what I should do?

Best,

Juhun

2 answers

Your answer

JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator

2023-07-25T18:51:36.81+00:00

@Juhun Lee

Thank you for your detailed post!

I understand that you're trying to create a Certificate within the Azure Key Vault with an EV Code Signing certificate from GlobalSign but when trying to select the Merge Signed Request button you aren't able to.

Based off the screenshot that you shared, it looks like your GlobalSignEVCertitificate has already completed which could be the reason why you aren't able to Merge the signed request. However, to gain a better understanding of your issue can you share the documentation that you're following?

Any additional information would also be greatly appreciated.

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
Juhun Lee 0 Reputation points

2023-07-25T19:04:45.76+00:00

@JamesTran-MSFT Hi James! Thank you so much for your attention to my issue.

I did all creation processes with GlobalSign tech support so I guess there wasn't any mistake during the process. It wasn't really completed because I couldn't even click the merge button. The GlobalSign person said that that button should be enabled and I was supposed to click to complete the process.

When our team run the pipeline with signing tool, we get an error like "root certificate is not trusted by the trust provider" and windows defender still blocks our installer file. The GlobalSign person thinks this is because the merge process hasn't gone through properly.

Do you have any idea what I did wrong? or what I should do?

Best,

Juhun

Answer 1

JamesTran-MSFT 36,906 Microsoft Employee Moderator

@Juhun Lee

Thank you for following up on this and I apologize for the delayed response!

When it comes to adding certificates in Key Vault issued by non-partnered CAs - I reproduced your issue and noticed that once my certificate is created, it's "enabled" and shows "Completed" when I navigate to the Certificate Operations pane, additionally the "Merge Signed Request" button is greyed out.

User's image

Looking at one of my older non-partnered CAs that I created, it looks like everything is working as expected with the Status showing "In Progress".

User's image

Because this looks like a potential bug, I've reached out to the Key Vault team regarding this and will update as soon as possible.

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator

2023-07-27T21:31:31.3333333+00:00

@Juhun Lee

Thank you for your time and patience on this!

I received an update from the Key Vault team, and this was a known bug where the fix has already been pushed. Can you sign-off and sign-in again to see if that resolves your issue?

I hope this helps!

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Juhun Lee 0 Reputation points

2023-07-28T02:13:58.63+00:00

@JamesTran-MSFT

Thank you so much for your attention. I really appreciate it.

So, I signed out and in again, then checked the keyvault.

But the merge button is still grayed out. Do I need to re-create a new certificate?

Have you also re-checked with your certificate?

Again, thank you for your help.

Best
Juhun Lee 0 Reputation points

2023-08-01T15:13:53.7233333+00:00

@JamesTran-MSFT

Hi James, sorry for bothering you...but it is still grayed out.

Any idea for resolving this issue?

Thanks!
JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator

2023-08-01T17:31:19.81+00:00
@Juhun Lee

Thank you for following up on this and I apologize for the delayed response!

When it comes to your merge button still being greyed out, can you see if creating a new version of your current certificate resolves the issue? I tested this out using the same "test" certificate within my original answer and was able to select the "Merge Signed Request" button.

Note: I also created a new Certificate and didn't have any issues with merging the signed request.

If you have any other questions or are still having issues and would like to work closer with our support team, please let me know. I hope this helps!

Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Juhun Lee 0 Reputation points

2023-08-07T13:19:11.5666667+00:00

Hi @JamesTran-MSFT :)

Setting a new version up worked out! I was able to merge it!

I have got one more question though...

Is there a way to get PFX file? It only download PEM file.

or convert PEM to PFX?
Piotr Buda 0 Reputation points

2023-08-07T13:27:19.67+00:00

Hi @JamesTran-MSFT ,

I work with Juhun and we just faced the issue with downloading the PFX file. I tried to convert the PEM to PFX but then the signed file is recognised as a virus. Is there any supported way of retrieving the PFX from the certificate on azure key vault or converting the PEM
JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator

2023-08-07T19:21:35.84+00:00

@Juhun Lee and @Piotr Buda

Thank you both for following up on this and I'm glad that I was able to help resolve your merge issue!

When it comes to downloading the Certificate as a PFX, you'll have to make sure that the Certificate or new version that you created is PKCS and not PEM.

I hope this helps!

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator

2023-08-11T18:28:37.9166667+00:00

@Juhun Lee

I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Answer 2

Amen Jlili 0

I am having the same issue.

Share via

Create a certificate on Azure Keyvault with EV Code Sign Cert from GlobalSign

2 answers

Your answer