Property x5c has invalid value X5C must has at least one valid item

Question

Property x5c has invalid value X5C must has at least one valid item

Sukant Virkud 26

got the error while merging the certificate in azure key vault but when we tried to merge by removing the intermediate root and certificate chain from .cer file that works. Any idea what caused to merge certificate task.

Answer 1

JamesTran-MSFT 27,751 Microsoft Employee

@Sukant Virkud
Thank you for your post and I apologize for the delayed response!

I found a few internal support requests where other customers ran into the same issue. I'll share the solution below to hopefully help point you in the right direction.

Error Message: Property x5c has invalid value X5C must has at least one valid item

Root cause:
Depending on your Certificate's Header and Footer you might see something similar to the below.

-----BEGIN PKCS7-----   
Certificate Info  
-----END PKCS7-----

According to our engineering team, Certificates with a Header/Footer similar to this worked previously because the portal removed the header and footer from the certificate, and only sent the certificate body in the request to the AKV backend. However, due to a recent change the Azure Portal was updated to support merging the certificate with its chain, which requires sending everything from the certificate, including the header and footer.

Solution:
Due to this change, you'll have to now use the Begin/End Certificate Header/Footer in order to merge your certificate. For more info.

-----BEGIN CERTIFICATE-----   
-----END CERTIFICATE-----

If you have any other questions or are still having issues with this, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Mukesh Awot 21 Reputation points

2022-11-22T15:38:57.867+00:00

I tried adding below header/footer while merging the certificate in azure key vault. Still getting error - property x5c has invalid value X5C must has at least one valid item
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Gauravkumar Koradiya 1 Reputation point

2022-11-24T08:02:39.733+00:00

i could not able to resolve it with given instructions. i generated a server certificate from "Name.com" when i try to merge then i don't able to do it.
L. Eric Keown 6 Reputation points

2022-12-01T21:27:39.423+00:00

LEricKeown-8587 answered • 1 sec ago
@JamesTran-MSFT my certificate has the -----BEGIN CERTIFICATE----- header and -----END CERTIFICATE----- footer and I am still seeing the below error.

Error information
CODE
BadParameter

MESSAGE
Something went wrong with the certificate creation.

RAW ERROR
Property x5c has invalid value X5C must have at least one valid item

Some additional details, I created the CSR in the Key Vault with a "Certificate issued by a non-integrated CA" and content type of PEM.

I have tried to import the cert as a pem file into the key vault and received the same message.

So can you please go back to the engineering team and see if they have any updates or work arounds to get the certificate loaded in the KeyVault.
joao vitor 0 Reputation points

2023-03-16T17:36:56.86+00:00

Hello, I would like to know if someone managed to resolve this error, I asked the certifier to issue the certificate again, believing that the error is in the Key, but I am still having the same error.

Property x5c has invalid value X5C must has at least one valid item

0 additional answers

Activity