YimSam-0753 asked YimSam-0753 commented

get friendly name from certificate in key vault?

I saw in my key vault for the certificates, it doesn't show friendly name for the certificate as one of the fields. Is it possible to retrieve the friendly name from the certificate that is stored in key vault?

azure-key-vault

@YimSam-0753
Thank you for your post!

  • When you say "friendly name", are you referring to the Certificate's actual name?

  • Can you share a screenshot of what you're seeing?

  • What method are you using to get the certificate? REST API, Portal, CLI/PowerShell?


Any additional information or screenshots would be greatly appreciated.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·

I believe the friendly name is just a name you can give to the certificate for personal use to better reference it, so it might be different than the certificate's actual name. These are the fields I see when I go to my key vault, then press Certificates, then click on one of my certificates. I don't see the friendly name here, but when I created the certificate I added a friendly name before uploading it to the key vault.

0 Votes 0 ·

I used PowerShell to upload the certificate to the key vault. Here is the code:

 foreach($certName in $certNames) {
     $blob = Get-AzStorageBlob -Context $StorageAccount.Context -Container $SourceContainerName -Blob "$certName.pfx"
     $byteArray = New-Object Byte[] $blob.Length
     $blob.ICloudBlob.DownloadToByteArray($byteArray, 0)
     $certPasswordSecret = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name ("$($certName)Password") -AsPlainText
    
     $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
     $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
     $certCollection.Import($byteArray, $certPasswordSecret, $flags)
     Import-AzKeyVaultCertificate -Name $certName -VaultName $keyVaultName -CertificateCollection $certCollection
 }
0 Votes 0 ·

I'm then using DSC to grab the certificate from the key vault and store it in my certificates on the Windows machine. Is it possible that, since Key Vault doesn't seem to track the friendly name, it's not possible to get that from the cert?

0 Votes 0 ·

1 Answer

JamesTran-MSFT answered YimSam-0753 commented

@YimSam-0753
Thank you for following up on this!

From your screenshot - subject, issuer, secret identifier, etc., are the specific certificate version properties/policy. When it comes to the name of the certificate that you created, you should be able to find it within your Key Vault under Certificates.

If you're leveraging PowerShell, you can find the name of the certificate within the Name field.

Links:
Get-AzKeyVault
Get-AzKeyVaultCertificate

 #Get all Certificates within your Key Vault
 Get-AzKeyVaultCertificate -VaultName "jtranKeyVault"

 #Get Certificate by name
 Get-AzKeyVaultCertificate -VaultName "jtranKeyVault" -Name "FriendlyNameCert"


When you mention using a DSC to grab the certificate, I'm assuming you could be referring to something similar to the Key Vault virtual machine extension for Windows. If so, you should be able to navigate to the file path - `C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.KeyVault.KeyVaultForWindows\most recent version`, to find the Certificate name by looking for the full certificate ID/URL. For more info - Logs and configuration.


I hope this helps!


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.



@YimSam-0753
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

0 Votes 0 ·

Hey, sorry, I lost the link to this question. I was able to resolve it! That name field you get from running Get-AzKeyVaultCertificate is actually not the same as the friendly name of a certificate. I found out by trying to download the certificate from the key vault that it doesn't save the friendly name of the certificate even though I specified one before uploading the certificate to the vault. I had to use DSC to add in the friendly name after grabbing the certificate from the vault before importing it into my server.

0 Votes 0 ·
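
The resolution described in the last comment, as an added example that is not part of the original thread and uses plain PowerShell rather than the asker's DSC configuration: fetch the certificate from Key Vault, set the friendly name locally, then add it to the machine store. The function name and its parameters are hypothetical; it assumes Windows, the Az.KeyVault module, an authenticated session with secret read access, and a certificate stored as PFX with an exportable key.

```powershell
# Added example (not from the thread): install a Key Vault certificate and
# apply a friendly name on the target machine.
function Install-KeyVaultCertificateWithFriendlyName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $CertificateName,
        [Parameter(Mandatory)] [string] $FriendlyName   # supplied by the caller
    )

    # The secret with the certificate's name holds the base64-encoded PFX,
    # private key included. It stays in memory and is never written to disk.
    $pfxBase64 = Get-AzKeyVaultSecret -VaultName $VaultName -Name $CertificateName -AsPlainText
    if (-not $pfxBase64) { throw "No secret found for certificate '$CertificateName'." }
    $pfxBytes = [Convert]::FromBase64String($pfxBase64)

    # Persist the private key in the machine key set so it survives the session.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
    # Key Vault returns the PFX without a password.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxBytes, '', $flags)

    # FriendlyName is a property of the Windows certificate store entry,
    # not part of the signed certificate, so it has to be set locally.
    $cert.FriendlyName = $FriendlyName

    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('My', 'LocalMachine')
    $store.Open('ReadWrite')
    try {
        $store.Add($cert)
        # Read the entry back to confirm the name was stored with it.
        $installed = $store.Certificates |
            Where-Object Thumbprint -eq $cert.Thumbprint |
            Select-Object -First 1
    }
    finally {
        $store.Close()
    }

    if ($installed.FriendlyName -ne $FriendlyName) {
        throw "Friendly name was not applied to $($cert.Thumbprint)."
    }
    return $installed
}
```

Writing to the LocalMachine store requires an elevated session.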