Azure Key Vault: Creating a certificate with type "Certificate issued by a non-integrated CA" generates a "self signed certificate"

eckhard.pruehs 0 Reputation points
2023-07-26T09:39:27.0633333+00:00

We want to store a Code Signing certificate in the Azure Key Vault HSM (HSM is required since 1st of July for Code Signing certificates) and followed the instructions of our certificate reseller:

https://trustzone.com/knowledge-base/how-to-set-up-install-and-use-an-ev-code-signing-certificate-in-azure/

But all certificates with "Certificate issued by a non-integrated CA":

User's image

will be created as "self signed certificates":

User's image

and we are then not able to "Merge Signed Request", because the entry in the image above is greyed out.

Our reseller tested this in his Azure Key Vault and doesn't have this problem.


1 answer

  1. JamesTran-MSFT 36,811 Reputation points Microsoft Employee
    2023-07-27T20:49:15.3+00:00

    @eckhard.pruehs

    Thank you for your detailed post!

    I understand that you're trying to create and merge a certificate signing request in Key Vault, but you're having issues when generating a new certificate because the "Merge Signed Request" button is greyed out. To hopefully help point you in the right direction, I'll share my findings below.


    Findings:

    When it comes to adding certificates in Key Vault issued by non-partnered CAs - I reproduced your issue and noticed that once my certificate is created, it's "enabled" and shows "Completed" when I navigate to the Certificate Operations pane. Additionally, the "Merge Signed Request" button is greyed out.

    User's image

    Looking at one of my older non-partnered CAs that I created, it looks like everything is working as expected with the Status showing "In Progress".

    User's image

    • Because this looks like a potential bug, I've reached out to the Key Vault team regarding this and will update as soon as possible.

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
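
The state described in this thread can also be checked outside the portal. The following is an added example, not part of the question, the answer, or any Microsoft code: it classifies a certificate's policy and pending operation and lists why a signed request could not be merged. It assumes the JSON field names of the Key Vault REST API (`issuer.name`, `key_props`, `status`, `csr`); the function name and both sample records are constructed for illustration.

```python
import json

# Constructed samples shaped like Key Vault REST responses (assumed field names:
# policy.issuer.name, policy.key_props, pending.status, pending.csr).
HEALTHY = {
    "policy": {"issuer": {"name": "Unknown"},
               "key_props": {"kty": "RSA-HSM", "exportable": False}},
    "pending": {"status": "inProgress", "csr": "MIIC...constructed"},
}
AS_REPORTED = {
    "policy": {"issuer": {"name": "Self"},
               "key_props": {"kty": "RSA-HSM", "exportable": False}},
    "pending": {"status": "completed", "csr": None},
}

def merge_readiness(state):
    """Return a list of reasons the CSR cannot be merged; empty means ready."""
    problems = []
    policy = state.get("policy", {})
    pending = state.get("pending") or {}
    # A non-integrated CA is expressed as issuer "Unknown"; "Self" self-signs.
    issuer = policy.get("issuer", {}).get("name", "")
    if issuer.lower() != "unknown":
        problems.append(f"issuer is {issuer!r}, expected 'Unknown' for a non-integrated CA")
    # A merge needs an operation that is still waiting for the CA's response.
    status = pending.get("status", "")
    if status.lower() != "inprogress":
        problems.append(f"operation status is {status!r}, expected 'inProgress'")
    if not pending.get("csr"):
        problems.append("no CSR is pending, nothing to send to the CA")
    # Code signing keys must live in the HSM and must not be exportable.
    key = policy.get("key_props", {})
    if not str(key.get("kty", "")).upper().endswith("-HSM"):
        problems.append("key type is not HSM-backed")
    if key.get("exportable", True):
        problems.append("private key is marked exportable")
    return problems

if __name__ == "__main__":
    for label, state in (("healthy", HEALTHY), ("as reported", AS_REPORTED)):
        print(label, json.dumps(merge_readiness(state), indent=2))
```

An empty list corresponds to the "In Progress" case in the answer; the second sample reproduces the "Completed" self-signed case from the question.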

