"Authority Key Identifier Extension is malformed" when importing self-signed certificate to Azure Key Vault

Feng Huang
2022-02-21T15:35:41.82+00:00

When I try to import a self-signed certificate to Azure Key Vault, I get the following error:

Code: BadParameter
Message: The specified X.509 certificate content is invalid. Error: x.509 authority key identifier extension is malformed..

I have checked the certificate using openssl x509 -in test.pfx -text -noout and the authority key identifier extension looks like:

    X509v3 extensions:
        X509v3 Subject Key Identifier:
            30:EB:F8:DD:7A:14:20:2E:52:C8:FF:0D:61:01:2C:18:7F:9A:4F:8E
        X509v3 Authority Key Identifier:
            DirName:/C=US/ST=California/L=Example/O=Example Ltd/CN=example.com
            serial:5A:D2:2A:5C:09:73:01:89:3B:2F:11:E8:FA:36:B3:F2:67:DC:AF:C8

(Note: I have anonymized the data in DirName)

Any help on why this is malformed? How can I generate a good certificate to be imported to the key vault?

BTW, the certificate works fine for Application Gateway when I upload it manually.

Regards,
Feng
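
An added example, not part of the original post and not Azure's validation code: a small DER parser that lists which of the three optional fields RFC 5280 (section 4.2.1.1) defines for the Authority Key Identifier are present, and flags the two conditions that section describes. It assumes the input is the DER value of extension OID 2.5.29.35; the function names and both sample values are constructed, the first with the same shape as the openssl output above (DirName and serial, no keyid).

```python
# Added example (not from the original post). Field tags per RFC 5280, 4.2.1.1:
#   AuthorityKeyIdentifier ::= SEQUENCE {
#     keyIdentifier             [0] OCTET STRING  OPTIONAL,   -> tag 0x80
#     authorityCertIssuer       [1] GeneralNames  OPTIONAL,   -> tag 0xA1
#     authorityCertSerialNumber [2] INTEGER       OPTIONAL }  -> tag 0x82
FIELDS = {0x80: "keyid", 0xA1: "DirName", 0x82: "serial"}


def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("invalid long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def aki_fields(der):
    """List the fields present in a DER AuthorityKeyIdentifier value."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    found, pos = [], 0
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        if tag not in FIELDS:
            raise ValueError(f"unexpected tag 0x{tag:02X}")
        found.append(FIELDS[tag])
    return found


def findings(der):
    """Report the RFC 5280 conditions worth checking first."""
    present, out = aki_fields(der), []
    if "keyid" not in present:
        out.append("no keyIdentifier")
    if ("DirName" in present) != ("serial" in present):
        out.append("issuer and serial must appear together")
    return out


def tlv(tag, value):                       # short-form encoder for the samples
    return bytes([tag, len(value)]) + value

# Constructed samples, not taken from any real certificate.
NAME = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"example.com"))))
DIRNAME_SERIAL = tlv(0x30, tlv(0xA1, tlv(0xA4, NAME)) + tlv(0x82, b"\x2a"))
KEYID_ONLY = tlv(0x30, tlv(0x80, bytes(20)))
```

RFC 5280 requires keyIdentifier in certificates issued by conforming CAs and allows the extension to be omitted in self-signed certificates; the page does not say which condition Key Vault's parser enforces.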

Azure Key Vault