Synek Pavel (SGEF) 1 Reputation point

I created a certificate with parametr exeportable privat key ='no'.
Is there any way how to be able to see or export or print Advanced Policy Configuration by each certificate created in key vaults ??


Thank you very much?


Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
961 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shashi Shailaj 7,551 Reputation points Microsoft Employee

    @Synek Pavel (SGEF) ,

    From your query , I understand that you are looking for a way to print or export the Advanced Policy Configuration for a certificate . You can use azure PowerShell for the same apart form the portal. Please find the details.

    I created a certificate within my azure subscription called zapcert as shown below :-


    187950-image.png 188021-image.png

    You can use the Get-AzKeyVaultCertificatePolicy powershell module from the Az module to get details on the certificate policy for any certificate. You must have Azure AZ PowerShell Module installed. Please see the linked article on how to install and use the same. You also need to make sure that you have Key vault reader/Key vault administrator permission at the Keyvault resource level .

    PS C:\> Connect-AzAccount  
    WARNING: TenantId 'xxxxxxxxxxxxxxx' contains more than one active subscription. First one will be selected for further use. To select another subscription, use Set-AzContext.  
    Account                          SubscriptionName         TenantId                             Environment  
    -------                          ----------------         --------                             ----------- Visual Studio Enterprise xxxxxxxx AzureCloud   
    PS C:\> Get-AzKeyVaultCertificatePolicy -VaultName "msdkv01" -Name "zapcert"  
    SecretContentType               : application/x-pkcs12  
    Kty                             : RSA  
    KeySize                         : 4096  
    Curve                           :   
    Exportable                      : False  
    ReuseKeyOnRenewal               : False  
    SubjectName                     :  
    DnsNames                        : {}  
    KeyUsage                        : {cRLSign, digitalSignature, keyAgreement, keyEncipherment}  
    Ekus                            : {,}  
    ValidityInMonths                : 12  
    IssuerName                      : Self  
    CertificateType                 :   
    RenewAtNumberOfDaysBeforeExpiry :   
    RenewAtPercentageLifetime       : 80  
    EmailAtNumberOfDaysBeforeExpiry :   
    EmailAtPercentageLifetime       :   
    CertificateTransparency         :   
    Enabled                         : True  
    Created                         : 3/29/2022 2:38:44 PM  
    Updated                         : 3/29/2022 2:38:44 PM  
    PS C:\> $cert01=(Get-AzKeyVaultCertificatePolicy -VaultName "mdkv01" -Name "zapcert" )  
    PS C:\> $cert01[0].Created  
    Tuesday, March 29, 2022 2:38:44 PM  
    PS C:\> $cert01[0].Exportable  
    PS C:\> $cert01[0].DnsNames  
    PS C:\> $cert01[0].KeyUsage  
    PS C:\> $cert01[0].CertificateTransparency  

    Thus you can see all the details of the certificate using PowerShell . Hope this helps you with the information that you are looking for . In case you require any further information , please feel free to ask in comments and we will help you further on this. If the information is helpful , please do accept the post as answer which will help other members of the community .

    Thank you .

    • Please don't forget to click on 130616-image.png whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators
    1 person found this answer helpful.
    0 comments No comments