The certificate .pfx file downloaded from KeyVault doesn't have password protection. Steps to generate a password-protected .pfx file:
Import PFX
If we want to have this pfx with a password, the easiest way is to just import it on a Windows machine and export it again but this time with a password. Here is how to do this:
- Right-click on the pfx file and choose Install PFX
- Choose Local Machine and click Next
- File name doesn't need to change, so proceed with Next
- On the Private key protection page, leave the password empty and check "Mark this key as exportable". Click Next.
- On the Certificate Store wizard just leave it as Automatically select the certificate store and click Next.
- Finish on the last one. You should get "Import Successful".
Export PFX with password
Now we need to export the certificate, but this time with a password. To start the export, we need to browse the machine's certificate store.
Open Certificate Manager
- Open Run (Windows + R) and type mmc
- On the MMC console, go to File -> Add/Remove Snap-in or Ctrl + M. Select Certificates and click Add in the middle.
- You will be asked to choose My User, Service, or Computer account. Choose Computer and click Next.
- Leave everything default on the next one (Local computer: (the computer this console is running on)) and click Finish.
- Click OK on the Console Snap-in
Export certificate
- Now expand the Certificates (Local Computer) then expand Personal and choose Certificates
- Find the certificate you just imported and right-click it -> All Tasks -> Export...
- The Export wizard starts. Click Next on the first window.
- Then choose Yes, export the private key and click Next
- On the Export File Format page, make sure every option is checked except "Delete the private key if the export is successful", which must stay unchecked. Click Next.
- Here you can choose a password for the pfx file. Make sure to check the Password checkbox and type your desired password. Leave the Encryption as TripleDES-SHA1. Click Next
- Choose where to save the new .pfx file by clicking Browse
- Click Finish and you should get the "The export was successful" message.
That's it. You now have an exported copy of the App Service Certificate in a .pfx format and with a password ready to be used anywhere you want.
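The same import and export as a script, with a check that the new file really requires the password. This is an added example, not part of the original page; it assumes an elevated PowerShell session on Windows, and the two file paths are constructed placeholders.

```powershell
# Added example: paths are constructed placeholders; run in an elevated session.
$inPfx  = 'C:\temp\appservice-nopass.pfx'      # file downloaded from Key Vault
$outPfx = 'C:\temp\appservice-protected.pfx'   # password-protected copy to create

# Prompt for the new password so it never appears in the script or in history.
$password = Read-Host -Prompt 'New PFX password' -AsSecureString

# Import into Local Machine\Personal with the private key marked exportable.
# The downloaded file has no password, so none is supplied.
$cert = Import-PfxCertificate -FilePath $inPfx `
    -CertStoreLocation 'Cert:\LocalMachine\My' -Exportable

# Export with the private key, protected by the password.
# The private key stays in the store, as in the wizard steps above.
Export-PfxCertificate -Cert $cert -FilePath $outPfx -Password $password | Out-Null

# Check 1: the new file opens with the password and holds the same certificate.
$data = Get-PfxData -FilePath $outPfx -Password $password
if ($data.EndEntityCertificates[0].Thumbprint -ne $cert.Thumbprint) {
    throw 'Exported PFX does not contain the imported certificate.'
}

# Check 2: the new file must NOT open without a password.
$opensWithoutPassword = $true
try   { Get-PfxData -FilePath $outPfx -ErrorAction Stop | Out-Null }
catch { $opensWithoutPassword = $false }
if ($opensWithoutPassword) {
    throw 'Exported PFX is not password protected.'
}

"Protected PFX written to $outPfx (thumbprint $($cert.Thumbprint))"

# Optional, not part of the steps above: once the protected file is stored
# safely, remove the store copy together with its exportable private key.
# Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -DeleteKey
```

The unprotected source file at `$inPfx` still contains the private key, so delete it once the protected copy has been verified.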