KeyVault returned full chain PFX cert file isn't verifiable

Porsche Me 131 Reputation points
2021-10-30T03:46:33.883+00:00
  • Make a full-chain, password-protected PFX cert file using the steps below:
    cat issuingCA.cert.pem rootCa.cert.pem > chain-mycert.cert.pem
    openssl pkcs12 -export -out full-chain-mycert.pfx -inkey mycert.key.pem -in mycert.cert.pem -name mycert-ca -CAfile chain-mycert.cert.pem -chain -passout pass:REDACTED
  • Verify the above PFX cert file with the command below, entering the password when prompted:
    keytool -list -keystore full-chain-mycert.pfx -storetype pkcs12 -v
  • Upload the PFX cert file to KeyVault using the Azure Portal
  • Download the uploaded PFX cert file from KeyVault using the Azure Portal
  • Verify the downloaded cert chain with the command below; no need to enter a password:
    keytool -list -keystore <down-loaded-cert.pfx file> -storetype pkcs12 -v
  • Verify the PFX doesn't have chain information by running the command below:
    keytool -list -keystore chain-test-rp-search.pfx -storetype pkcs12 -v
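As an added example (not code from the question or the answer), the POSIX shell functions below reproduce the question's export step and then count the certificates embedded in a PFX, so the same check can be run on the file before upload and on the file downloaded from Key Vault; a full-chain PFX for a leaf issued by an intermediate under a root should hold 3 certificates. The password, file names and the `mycert-ca` friendly name are assumptions carried over from the question's command line.

```shell
#!/bin/sh
# Count the certificates embedded in a PKCS#12 (PFX) file by listing its
# certificate bags (private key suppressed) and counting the PEM blocks.
# Usage: pfx_cert_count FILE PASSWORD   -> prints the count (0 if unreadable)
pfx_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

# Build a full-chain PFX the way the question does: concatenate the issuing
# CA and root CA PEMs into a chain file, then export the leaf with -chain so
# OpenSSL resolves and embeds the whole chain from that file.
# Arguments: KEY.pem LEAF.pem ISSUING-CA.pem ROOT-CA.pem OUT.pfx PASSWORD
build_full_chain_pfx() {
    cat "$3" "$4" > "$5.chain.pem"
    openssl pkcs12 -export -out "$5" -inkey "$1" -in "$2" \
        -name mycert-ca -CAfile "$5.chain.pem" -chain -passout "pass:$6"
}

# Check a PFX against the number of certificates it is expected to carry.
# Returns 0 when the chain is intact and 1 when certificates were dropped,
# which is the symptom the question reports after the Key Vault round trip.
# Usage: check_pfx_chain FILE PASSWORD EXPECTED_COUNT
check_pfx_chain() {
    count=$(pfx_cert_count "$1" "$2")
    if [ "$count" -ge "$3" ]; then
        echo "OK: $1 contains $count certificate(s)"
        return 0
    fi
    echo "WARNING: $1 contains $count certificate(s), expected $3" >&2
    return 1
}
```

Running `check_pfx_chain full-chain-mycert.pfx REDACTED 3` before upload and again on the downloaded file makes the loss of the chain visible without reading through the full `keytool -v` listing.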
Azure Key Vault

1 answer

  1. Siva-kumar-selvaraj 15,556 Reputation points
    2021-11-01T11:11:16.62+00:00

    Hello @Porsche Me ,

    Thanks for reaching out.

    Azure Key Vault does include the certificate chain when you download a certificate along with its private key (such as in .PFX format), provided the certificate was uploaded along with its respective certificate chain, so make sure the cert that was uploaded contains the certificate chain.

    I would recommend you refer to the steps mentioned here to "Merge all intermediate certificates" and "export certificate to PFX" format, then try uploading into Azure Key Vault.

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.