configuration

Synek Pavel (SGEF) 1 Reputation point
2022-03-28T11:54:05.437+00:00

Hello,
I created a certificate with the parameter exportable private key = 'no'.
Is there any way to see, export, or print the Advanced Policy Configuration for each certificate created in key vaults?


Thank you very much.

Pavel

Azure Key Vault

1 answer

  1. Shashi Shailaj 7,551 Reputation points Microsoft Employee
    2022-03-29T16:59:30.117+00:00

    @Synek Pavel (SGEF),

    From your query, I understand that you are looking for a way to print or export the Advanced Policy Configuration for a certificate. You can use Azure PowerShell for the same, apart from the portal. Please find the details.

    I created a certificate within my Azure subscription called zapcert, as shown below:

    187960-image.png

    187950-image.png 188021-image.png

    You can use the Get-AzKeyVaultCertificatePolicy PowerShell module from the Az module to get details on the certificate policy for any certificate. You must have the Azure Az PowerShell module installed. Please see the linked article on how to install and use the same. You also need to make sure that you have Key Vault Reader/Key Vault Administrator permission at the Key Vault resource level.

    PS C:\> Connect-AzAccount  
    WARNING: TenantId 'xxxxxxxxxxxxxxx' contains more than one active subscription. First one will be selected for further use. To select another subscription, use Set-AzContext.  
      
    Account                          SubscriptionName         TenantId                             Environment  
    -------                          ----------------         --------                             -----------  
    admin@xxxxxx.onmicrosoft.com Visual Studio Enterprise xxxxxxxx AzureCloud   
             
    PS C:\> Get-AzKeyVaultCertificatePolicy -VaultName "msdkv01" -Name "zapcert"  
          
    SecretContentType               : application/x-pkcs12  
    Kty                             : RSA  
    KeySize                         : 4096  
    Curve                           :   
    Exportable                      : False  
    ReuseKeyOnRenewal               : False  
    SubjectName                     : CN=zapcert.com  
    DnsNames                        : {zapcert.com}  
    KeyUsage                        : {cRLSign, digitalSignature, keyAgreement, keyEncipherment}  
    Ekus                            : {1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2}  
    ValidityInMonths                : 12  
    IssuerName                      : Self  
    CertificateType                 :   
    RenewAtNumberOfDaysBeforeExpiry :   
    RenewAtPercentageLifetime       : 80  
    EmailAtNumberOfDaysBeforeExpiry :   
    EmailAtPercentageLifetime       :   
    CertificateTransparency         :   
    Enabled                         : True  
    Created                         : 3/29/2022 2:38:44 PM  
    Updated                         : 3/29/2022 2:38:44 PM  
      
      
      
      
    PS C:\> $cert01=(Get-AzKeyVaultCertificatePolicy -VaultName "msdkv01" -Name "zapcert" )  
      
      
    PS C:\> $cert01[0].Created  
      
    Tuesday, March 29, 2022 2:38:44 PM  
      
    PS C:\> $cert01[0].Exportable  
    False  
      
    PS C:\> $cert01[0].DnsNames  
    zapcert.com  
      
    PS C:\> $cert01[0].KeyUsage  
    cRLSign  
    digitalSignature  
    keyAgreement  
    keyEncipherment  
      
    PS C:\> $cert01[0].CertificateTransparency  
    

    Thus you can see all the details of the certificate using PowerShell. Hope this helps you with the information that you are looking for. In case you require any further information, please feel free to ask in comments and we will help you further on this. If the information is helpful, please do accept the post as answer, which will help other members of the community.

    Thank you.


    1 person found this answer helpful.
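
The answer above reads the policy of one certificate; the question asked for every certificate in a vault. The script below is an added example, not part of the original answer: it goes beyond the single-certificate case by enumerating the vault, exporting each policy to CSV, and listing certificates whose private key is marked exportable. The output file name and the report column layout are assumptions; the vault name is the one used in the answer.

```powershell
# Added example. Assumes the Az.KeyVault module is installed, Connect-AzAccount
# has already been run, and the caller can read certificates in the vault.
param(
    [string]$VaultName = 'msdkv01',                    # vault from the answer; replace with your own
    [string]$OutFile   = '.\certificate-policies.csv'  # assumed output path
)

$report = foreach ($cert in Get-AzKeyVaultCertificate -VaultName $VaultName) {
    try {
        $policy = Get-AzKeyVaultCertificatePolicy -VaultName $VaultName `
                    -Name $cert.Name -ErrorAction Stop
    }
    catch {
        # A policy that cannot be read is reported, not silently skipped.
        Write-Warning "Could not read policy for '$($cert.Name)': $($_.Exception.Message)"
        continue
    }

    # Flatten collection properties so each policy fits on one CSV row.
    [pscustomobject]@{
        Certificate               = $cert.Name
        Exportable                = $policy.Exportable
        ReuseKeyOnRenewal         = $policy.ReuseKeyOnRenewal
        Kty                       = $policy.Kty
        KeySize                   = $policy.KeySize
        Curve                     = $policy.Curve
        SubjectName               = $policy.SubjectName
        DnsNames                  = $policy.DnsNames -join ';'
        KeyUsage                  = $policy.KeyUsage -join ';'
        Ekus                      = $policy.Ekus -join ';'
        ValidityInMonths          = $policy.ValidityInMonths
        IssuerName                = $policy.IssuerName
        RenewAtPercentageLifetime = $policy.RenewAtPercentageLifetime
        Enabled                   = $policy.Enabled
        Updated                   = $policy.Updated
    }
}

# Full export for record keeping, plus a short on-screen summary.
$report | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
$report | Format-Table Certificate, Exportable, Kty, KeySize, IssuerName -AutoSize

# Certificates whose private key is allowed to leave the vault.
$exportable = @($report | Where-Object { $_.Exportable })
if ($exportable.Count -gt 0) {
    Write-Warning "$($exportable.Count) certificate(s) have an exportable private key:"
    $exportable | ForEach-Object { Write-Warning "  $($_.Certificate)" }
}
```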