Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,135 questions
Can't import pem certificate in key vault
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 16%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECD%3C/text%3E%3C/svg%3E)
Christian D Alessandro
5
Reputation points
I'm trying to add a .pem certificate to my key vault, it seems to work but when I try to add the certificate to my CDN secrets I get the following error:
Failed to create the secret 'mykeyvault-webcertificate-latest'. Error: The secret contains an unsupported content type. The content type needs to be application/x-pkcs12.
Then I tried to export the certificate using openssl command:
sudo openssl pkcs12 -export -out certificate.pfx -inkey live/www.mydomain.com/privkey.pem -in live/www.mydomain.com/fullchain.pem
but when I try to import it into my key vault I get the following error:
Upload Error for certificate.pfxAn error occurred when reading certificate.pfx file.
the certificates were generated with certbot (the CA is letsencrypt).
Can anyone help me please? Thanks in advance
{count} vote
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,326 Reputation points2024-01-11T04:27:47.4+00:00 Hello @Christian D Alessandro , please detail the steps taken to generate the certiticate.
-
Christian D Alessandro 5 Reputation points
2024-01-11T08:33:18.9266667+00:00 hello @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA , before the detailed list of steps I'll describe what I'm trying to achieve.
I created a Storage Account and enabled static website, but I needed to enable SSL on my domain, so I created an endpoint for my website behind a CDN and then I created a key vault in order to add my certificate and use it into my CDN.
- ran
sudo certbo certonly --manualto generate my certificate with let's encrypt - created the file on the storage account for the acme challenge and obtained the certificate files on my localhost
- I tried to upload the fullchain.pem on my key vault but I get an uploading error importing it
- so I ran
sudo cat fullchain.pem privkey.pem > domain.pemin order to have both the keys into my certificate - imported successfully the domain.pem key into my key vault (but I'm not able to import it into my CDN secrets because the certificate content type should be application/x-pkcs12
- I ran
sudo openssl pkcs12 -export -out certificate.pfx -inkey live/www.mydomain.com/privkey.pem -in live/www.mydomain.com/fullchain.pemin order to obtain a pfx certificate including the private key in it - tried to import the pfx certificate but I got the "Upload Error for certificate.pfxAn error occurred when reading certificate.pfx file."
Thank you!
- ran
-
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,326 Reputation points
2024-01-31T06:07:16.19+00:00 Hello @Christian D Alessandro, apologies for the delay. I will repro this and come back with my findings. Bare with me it may take a couple of days.
-
Christian D Alessandro 5 Reputation points
2024-02-09T14:19:54.61+00:00 Thank you @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA , I really appreciate
Sign in to comment