Error Occurs When Importing Certificate into Key Vault Using Azure CLI

Takumi 0 Reputation points
2024-08-21T10:09:02.5533333+00:00

I imported a certificate using Azure CLI, but an error occurred. Could you please provide a solution?

I followed these steps:

  1. Converted the <.p12> certificate to <.pem> using OpenSSL (*)
  2. Imported the <.pem> certificate using Azure CLI

The command executed in the second step and the error that occurred are as follows:

az keyvault certificate import --vault-name <keyvaultname> --name <certificatename> --file <certificatepath> --password <password>

The following error occurred after executing the above command:

(ServerError) ActivityId: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx, ActivityName:CertificateImport
Code: ServerError Message: ActivityId: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx, ActivityName:CertificateImport

I'm not sure why a server error occurs. For additional context, I have included the logs from running the command in debug mode:

cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/command_modules/keyvault/_command_type.py", line 109, in keyvault_command_handler
    result = op(**command_args)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 76, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/keyvault/certificates/_client.py", line 401, in import_certificate
    bundle = self._client.import_certificate(
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/keyvault/certificates/_generated/_operations_mixin.py", line 1947, in import_certificate
    return mixin_instance.import_certificate(vault_base_url, certificate_name, parameters, **kwargs)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 76, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/usr/lib64/az/lib/python3.9/site-packages/azure/keyvault/certificates/_generated/v7_4/operations/_key_vault_client_operations.py", line 1947, in import_certificate
    raise HttpResponseError(response=response, model=error)
azure.core.exceptions.HttpResponseError: (ServerError) ActivityId:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, ActivityName: CertificateImport
Code: ServerError
Message: ActivityId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, ActivityName: CertificateImport

(*) FYI
The <.pem> certificate is formatted as follows, including the end-entity certificate, two intermediate certificates, and the root certificate.

-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----

Thanks,

Azure Key Vault

1 answer

  1. Givary-MSFT 32,311 Reputation points Microsoft Employee
    2024-08-27T04:14:42.3966667+00:00

    @Takumi Thank you for reaching out to us. After researching the error, I found a similar case internally where the suggestion was to use the certificate in PFX format. Although Azure Key Vault supports both .pem and .pfx formats, the issue might be due to a problem during conversion with OpenSSL.

    I recommend renaming CompanyX.p12 to CompanyX.pfx and following the steps outlined here: https://learn.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios#formats-of-import-we-support. The P12 format is essentially the same binary format as .PFX.

    Let me know if you have any further questions; feel free to post back.
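
To see what the OpenSSL conversion actually produced before retrying the import, the structure of the PEM bundle can be checked locally. This is an added example, not part of the question or the answer; the function names `pem_summary` and `pem_preflight` are hypothetical, the sample input is constructed, and it assumes PEM import expects an unencrypted PKCS#8 key (`BEGIN PRIVATE KEY`), as described in the linked documentation section.

```shell
#!/bin/sh
# Added example: structural pre-check of a PEM bundle before
# `az keyvault certificate import`. It inspects block headers only.
# Assumption: the import expects an unencrypted PKCS#8 key ("BEGIN PRIVATE KEY").

# pem_summary FILE -> "certs=N keys=N key_type=T stray=N"
pem_summary() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----/           { certs++; inblk = 1; next }
        /^-----BEGIN PRIVATE KEY-----/           { keys++; type = "pkcs8"; inblk = 1; next }
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { keys++; type = "pkcs8-encrypted"; inblk = 1; next }
        /^-----BEGIN (RSA|EC) PRIVATE KEY-----/  { keys++; type = "traditional"; inblk = 1; next }
        /^-----END [A-Z ]+-----/                 { inblk = 0; next }
        !inblk && NF                             { stray++ }  # text outside blocks, e.g. "Bag Attributes"
        END { printf "certs=%d keys=%d key_type=%s stray=%d\n",
                     certs, keys, (type == "" ? "none" : type), stray }
    ' "$1"
}

# pem_preflight FILE -> prints the summary; returns 0 only for at least one
# certificate, exactly one unencrypted PKCS#8 key and no text outside PEM blocks.
pem_preflight() {
    s=$(pem_summary "$1") || return 2
    echo "$s"
    case "$s" in
        "certs=0 "*) echo "no certificate block found" >&2; return 1 ;;
        *" keys=1 key_type=pkcs8 stray=0") return 0 ;;
    esac
    echo "unexpected key format or text outside PEM blocks" >&2
    return 1
}

# Constructed sample with the layout from the question: four certificates, one key.
sample=$(mktemp)
for i in 1 2 3 4; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'XXXXXXXXXXXXXXXXXXX' '-----END CERTIFICATE-----'
done > "$sample"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'XXXXXXXXXXXXXXXXXXX' '-----END PRIVATE KEY-----' >> "$sample"
pem_preflight "$sample"   # prints: certs=4 keys=1 key_type=pkcs8 stray=0
rm -f "$sample"
```

A passing result only says the file has the expected block layout; it does not validate the certificate contents or that the key matches the end-entity certificate.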

