Unable to Associate Key Vault with App Certificate

Jermon Bafaty 20 Reputation points
2023-10-12T21:43:46.72+00:00

Hi,

I'm trying to complete the assignment of an Application Service Certificate. The last step is to assign to a Key Vault. I followed the instructions in the portal, but keep getting an error:

Failed to link certificate with the Selected Key Vault.
Check below errors for more detail.:
The parameter keyVaultCsmld has an invalid value.


I'm not using a command line and figure out why this is failing. Thanks for any help.

Thanks,

.::jb

kv

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,453 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,471 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2023-10-13T00:23:24.9766667+00:00

    @Jermon Bafaty

    I saw a similar issue before that may be related to your problem. When we use the "Azure Appservice certificate" the overview page shows the option to "Configure required KeyVault store." Then it will direct to the page "Store, Verify, Assign." Once the KeyVault is imported this operation should be succeeded.

    The likely cause of your problem is that the Azure KeyVault with RBAC support model doesn't support the Key Vault RBAC permission model and it is necessary to use Azure Key Vault with access policies method. You need to either change the access model to "access policies" or (if you don't have permission to change the access model) create a new Key Vault with access policy as the method.

     

    Our documentation mentions this limitation.

    User's image

    https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration#vault-access-policy-to-azure-rbac-migration-steps:~:text=Custom%20role%20required-,Note,-Azure%20App%20Service

     

    Let me know if this helps and if you still face this issue.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information. Otherwise let me know if you have further questions.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.