Unable to create a cert in Azure keyvault

Dan Bottiger 20 Reputation points
2024-10-04T17:20:45.5966667+00:00

I am attempting to create a new cert in Azure Keyvault and it continues to fail.
I am a keyvault admin and certificate officer for the keyvault and I created the access policy and gave the account full permission (following the link included below).

Any insight on where I need to look next, or what permission aside from Global Admin, Keyvault admin and Certificate officer is needed?

Here is the error statement:

The user, group or application 'appid=' does not have certificates create permission on key vault . For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287


Accepted answer
  1. David Broggy 6,191 Reputation points MVP
    2024-10-04T20:33:02.17+00:00

    Hi Dan, here are a couple of things to try.

    I just created a key vault, tried to add a new cert and of course it fails as expected.

    Then I assigned myself the IAM roles: Keyvault admin and cert officer roles - just as you said.

    Then I refreshed my browser in order to update my token/roles. (no logout needed)

    And now I was successful in creating a new cert.

    Is it possible you simply need to refresh your access token? Or did someone change the role assignment method under the key vault settings? Or are you using PIM?

    Good luck.

    1 person found this answer helpful.
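Added example, not part of the original thread and not Microsoft's code: a small check of which permission model a vault uses (the "role assignment method" the answer asks about) and whether the caller's access policy or roles cover certificate creation under that model. It assumes input shaped like `az keyvault show` output, a role-name list gathered separately, and considers only the two built-in roles named in the thread; the vault name and object IDs are constructed placeholders.

```python
import json

# Constructed sample, shaped like `az keyvault show` output; IDs are placeholders.
SAMPLE_VAULT = json.loads("""
{"name": "example-vault",
 "properties": {
   "enableRbacAuthorization": false,
   "accessPolicies": [
     {"objectId": "00000000-0000-0000-0000-000000000001",
      "permissions": {"certificates": ["get", "list"], "keys": [], "secrets": []}}
   ]}}
""")

# The two built-in roles named in the thread (simplification: other or custom
# roles that allow certificate creation are not modelled).
CERT_ROLES = {"Key Vault Administrator", "Key Vault Certificates Officer"}


def can_create_cert(vault, object_id, role_names):
    """Return (allowed, reason) for creating a certificate in this vault.

    role_names: role names assigned to the caller at or above the vault scope
    (assumed to be collected separately, e.g. from `az role assignment list`).
    """
    props = vault["properties"]
    if props.get("enableRbacAuthorization"):
        # RBAC model: access policies on the vault are not evaluated.
        held = sorted(CERT_ROLES & set(role_names))
        if held:
            return True, "RBAC model: allowed by role " + held[0]
        return False, "RBAC model: access policies are ignored, assign a role"
    # Access-policy model: data-plane RBAC roles are not evaluated.
    for policy in props.get("accessPolicies") or []:
        if policy["objectId"] == object_id:
            perms = {p.lower() for p in policy["permissions"].get("certificates") or []}
            if perms & {"create", "all"}:
                return True, "access policy grants certificates create"
            return False, "access policy lacks certificates create"
    return False, "access-policy model: roles are ignored, no policy for caller"


if __name__ == "__main__":
    me = "00000000-0000-0000-0000-000000000001"
    print(can_create_cert(SAMPLE_VAULT, me, ["Key Vault Administrator"]))
```

If this check reports that creation should be allowed and the portal still denies it, the answer's other two questions remain: a token issued before the assignment, or a PIM assignment that has not been activated.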
