
Windows CA integration with KeyVault

Andrea 276 Reputation points
2024-10-22T14:41:59.1166667+00:00

Hello everyone,

I'm trying to find out if Key Vault can communicate with a Windows Certificate Authority, because my aim is to make a CSR from Key Vault to the CA like this:

https://learn.microsoft.com/en-us/azure/key-vault/certificates/create-certificate

But it seems that it's possible only for partnered CA providers (DigiCert, GlobalSign). Is this correct?

Thanks

Azure Key Vault

An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.


Answer accepted by question author

Akhilesh Vallamkonda 15,355 Reputation points Moderator
2024-10-22T16:43:07.7266667+00:00

Hi @Andrea

Thank you for reaching out to the Microsoft Q&A Forum!

Yes, your understanding is correct. A Key Vault certificate object holds a configuration that's used to communicate with a selected certificate issuer provider (DigiCert, GlobalSign) to order X.509 certificates.

However, you can create a certificate with a CA not partnered with Key Vault.
You can use this method with any Certificate Authority (CA), not just the ones that are partnered with Key Vault. This means your organization has the option to choose whichever CA it prefers.
For more information, please go through https://learn.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios#creating-a-certificate-with-a-ca-not-partnered-with-key-vault

Hope this helps. Do let us know if you have any further queries by responding in the comments section.

Thanks,

Akhilesh.


If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And if you have any further queries, do let us know.


1 additional answer

  1. hossein jalilian 13,360 Reputation points Volunteer Moderator
    2024-10-22T16:39:52.4033333+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    You can generate a CSR in Key Vault, manually submit it to your Windows CA, and then merge the signed certificate back into Key Vault.

    You could develop a custom solution that automates the process of generating a CSR in Key Vault, submitting it to your Windows CA, and importing the signed certificate back into Key Vault.

    Some third-party certificate management solutions offer integrations between Azure Key Vault and on-premises CAs, including Windows CA.


    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
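
The manual flow described in this answer (CSR generated in Key Vault, signed by a Windows CA, merged back), written out in PowerShell as an added example that is not part of either answer. It assumes the Az.KeyVault module with a signed-in session and `certreq.exe` run from a machine that can reach the CA; the vault, certificate, subject, CA and template names are placeholders.

```powershell
# Added example; every value in this block is a placeholder (assumption).
$vaultName = 'contoso-kv'                          # hypothetical vault
$certName  = 'internal-web'                        # hypothetical certificate name
$subject   = 'CN=app.corp.example'                 # hypothetical subject
$caConfig  = 'ca01.corp.example\Corp-Issuing-CA'   # hypothetical "CAHost\CAName"
$template  = 'WebServer'                           # template your account may enroll for

$work    = Join-Path $env:TEMP $certName
$csrPath = Join-Path $work 'request.csr'
$cerPath = Join-Path $work 'issued.cer'
New-Item -ItemType Directory -Path $work -Force | Out-Null
Remove-Item $csrPath, $cerPath -ErrorAction SilentlyContinue

# 1. Create a pending certificate. IssuerName 'Unknown' means Key Vault will not
#    contact a partnered CA; it only generates the key pair and the CSR.
#    -KeyNotExportable keeps the private key inside the vault.
$policy = New-AzKeyVaultCertificatePolicy -SubjectName $subject -IssuerName Unknown `
    -ValidityInMonths 12 -KeyType RSA -KeySize 2048 -KeyNotExportable
$op = Add-AzKeyVaultCertificate -VaultName $vaultName -Name $certName -CertificatePolicy $policy

# 2. Key Vault returns the CSR as bare base64; wrap it in PEM headers for the CA.
$pem = @(
    '-----BEGIN CERTIFICATE REQUEST-----'
    $op.CertificateSigningRequest
    '-----END CERTIFICATE REQUEST-----'
)
Set-Content -Path $csrPath -Value $pem -Encoding Ascii

# 3. Submit the CSR to the Windows CA and save the issued certificate.
certreq.exe -submit -config $caConfig -attrib "CertificateTemplate:$template" $csrPath $cerPath
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cerPath)) {
    throw "No certificate was issued (exit code $LASTEXITCODE). The request may be pending CA manager approval."
}

# 4. Review what the CA actually issued before merging it.
$issued = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
$issued | Format-List Subject, Issuer, NotAfter, Thumbprint
if ($issued.Subject -ne $subject) {
    Write-Warning "Issued subject '$($issued.Subject)' differs from requested '$subject'."
}

# 5. Merge: importing under the same name completes the pending operation,
#    pairing the signed certificate with the key that never left the vault.
Import-AzKeyVaultCertificate -VaultName $vaultName -Name $certName -FilePath $cerPath
```

The account running this needs certificate create and import permissions on the vault and enroll rights on the CA template; nothing in the flow requires the private key to be exported.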
