get friendly name from certificate in key vault?

Yim, Sam 126

I saw in my key vault for the certificates, it doesn't show friendly name for the certificate as one of the fields. Is it possible to retrieve the friendly name from the certificate that is stored in key vault?

JamesTran-MSFT 36,376 Reputation points Microsoft Employee

2022-05-11T22:11:31.643+00:00
@Yim, Sam
Thank you for your post!

When you say "friendly name", are you referring to the Certificates actual name?

Can you share a screenshot of what you're seeing?

What method are you using to get the certificate? REST API, Portal, CLI/PowerShell?

Any additional information or screenshots would be greatly appreciated.
Thank you for your time and patience throughout this issue.
Yim, Sam 126 Reputation points

2022-05-12T12:50:51.323+00:00

I believe the friendly name is just a name you can give to the certificate for personal use to better reference it so it might be different than the certificate's actual name. these are the fields I see when I go to my key vault, then press certificates, then click on one of my certificates. I don't see friendly name here but when I created the certificate I added friendly name before uploading it to the key vault.

Yim, Sam 126

I used powershell to upload the certificate to the key vault. here is the code

foreach($certName in $certNames) {
    $blob = Get-AzStorageBlob -Context $StorageAccount.Context -Container $SourceContainerName -Blob "$certName.pfx"
    $byteArray = New-Object Byte[] $blob.Length
    $blob.ICloudBlob.DownloadToByteArray($byteArray, 0)
    $certPasswordSecret = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name ("$($certName)Password") -AsPlainText

    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
    $certCollection.Import($byteArray, $certPasswordSecret, $flags)
    Import-AzKeyVaultCertificate -Name $certName -VaultName $keyVaultName -CertificateCollection $certCollection
}

Yim, Sam 126 Reputation points

2022-05-12T12:52:11.987+00:00

I'm then using DSC to grab the certificate from the key vault and store it my certificates on the windows machine. Is it possible since key vault doesn't seem to track friendly name it's not possible to get that from the cert?

Accepted answer

JamesTran-MSFT 36,376 Reputation points Microsoft Employee

2022-05-12T23:53:04.927+00:00
@Yim, Sam
Thank you for following up on this!

From your screenshot - subject, issuer, secret identifier, etc., are the specific certificate version properties/policy. When it comes to the name of the certificate that you created, you should be able to find it within your Key Vault under Certificates.

If you're leveraging PowerShell, you can find the name of the certificate within the Name field

Links:
Get-AzKeyVault
Get-AzKeyVaultCertificate

#Get all Certificates within your Key Vault Get-AzKeyVaultCertificate -VaultName "jtranKeyVault" #Get Certificate by name Get-AzKeyVaultCertificate -VaultName "jtranKeyVault" -Name "FriendlyNameCert"

When you mention using a DSC to grab the certificate, I'm assuming you could be referring to something similar to the Key Vault virtual machine extension for Windows. If so, you should be able to navigate to the file path - C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\most recent version\, to find the Certificate name by looking for the full certificate ID/URL. For more info - Logs and configuration.

I hope this helps!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Please sign in to rate this answer.
JamesTran-MSFT 36,376 Reputation points Microsoft Employee

2022-05-16T17:40:17.22+00:00

@Yim, Sam
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

Yim, Sam 126 Reputation points

2022-05-19T17:09:45.957+00:00

hey sorry I lost the link to this question, I was able to resolve it! that name field you get from running the Get-AzKeyVaultCertificate is actually not the same as the friendly name of a certificate. I found out by trying to download the certificate from the key vault that it doesn't save the friendly name of the certificate even though I specified one before uploading the certificate to the vault. I had to use DSC to add in the friendly name after grabbing the certificate from the vault before importing it into my server
Sign in to comment

get friendly name from certificate in key vault?

0 additional answers