I would like to use App Service Certificate outside of App Service ecosystem

praveen talluri 1 Reputation point
2022-05-26T16:57:20.22+00:00

I followed the article below to generate a PFX file and got errors at lines 43 and 47:
https://azure.github.io/AppService/2017/02/24/Creating-a-local-PFX-copy-of-App-Service-Certificate.html

Any answers??

Output:
PS E:\Certificates> Export-AppServiceCertificate -loginId 'XYZ@Company portal .com' -subscriptionId 'XYZ' -resourceGroupName 'RG-XYZ' -name 'XYZ'
WARNING: TenantId '' contains more than one active subscription. First one will be selected for further use. To select another subscription, use Set-AzContext.

Account SubscriptionName TenantId Environment
------- ---------------- -------- -----------

Name :
Account :
Environment :
Subscription :
Tenant :
TokenCache :
VersionProfile :
ExtendedProperties : {}

WARNING: We have migrated the API calls for this cmdlet from Azure Active Directory Graph to Microsoft Graph.
Visit https://go.microsoft.com/fwlink/?linkid=2181475 for any permission issues.
Get Secret Access to account user@Company portal .com has been granted from the KeyVault, please check and remove the policy after exporting the certificate
New-Object:
Line |
43 | … CertObject= New-Object System.Security.Cryptography.X509Certificates. …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Exception calling ".ctor" with "3" argument(s): "Array may not be empty or null. (Parameter 'rawData')"
InvalidOperation:
Line |
47 | [io.file]::WriteAllBytes(".\appservicecertificate.pfx",$pfxCertOb …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| You cannot call a method on a null-valued expression.
Created an App Service Certificate copy at: E:\Certificates\appservicecertificate.pfx
WARNING: For security reasons, do not store the PFX password. Use it directly from the console as required.
PFX password: b2CzwTKWSB0Qo

Thanks,
Praveen

Azure App Service

1 answer

  1. Ryan Hill 29,556 Reputation points Microsoft Employee
    2022-06-15T18:45:31.723+00:00

    @praveen talluri , line 47 failed because raw data of $pfxCertObject was null. That was null because line 43 failed. I'm not certain which X509Certificates2 .NET version is being used but in looking at the constructors, it seems like password is being sent as an empty string. I haven't walked through it, but I would try creating the password first and then passing it as an argument:

       $pfxPassword = -join ((65..90) + (97..122) + (48..57) | Get-Random -Count 50 | % {[char]$_})  
       $pfxCertObject= New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @([Convert]::FromBase64String($secret),$pfxPassword,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)  
    
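The exception in the question reports that the byte array handed to the X509Certificate2 constructor (rawData) was empty, and the script still went on to announce a PFX copy and print a password. The following is an added example, not part of the thread or of the linked script: it checks the decoded secret before building the certificate and stops before any file is written. The function name ConvertTo-ProtectedPfx, the output file name and the self-signed sample certificate are assumptions, and PowerShell 7 is assumed.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates
$ErrorActionPreference = 'Stop'   # a failed step ends the run instead of falling through

function ConvertTo-ProtectedPfx {   # hypothetical helper name
    param([string]$SecretBase64, [string]$OutFile)

    # A $null bound to [string] becomes '', and FromBase64String('') returns an
    # empty array, which is what produces the "rawData" exception shown above.
    if ([string]::IsNullOrWhiteSpace($SecretBase64)) {
        throw 'Secret value is empty: nothing to decode, so no PFX is written.'
    }
    $raw = [Convert]::FromBase64String($SecretBase64)
    if ($raw.Length -eq 0) { throw 'Secret decoded to zero bytes.' }

    # Assumption: the secret is a PFX with an empty password, as in the quoted script.
    $cert = [X509Certificate2]::new($raw, '', [X509KeyStorageFlags]::Exportable)
    if (-not $cert.HasPrivateKey) { throw 'Decoded certificate has no private key.' }

    # PFX password: 32 bytes from the OS CSPRNG, base64-encoded.
    $buf = [byte[]]::new(32)
    $rng = [RandomNumberGenerator]::Create()
    $rng.GetBytes($buf); $rng.Dispose()
    $password = [Convert]::ToBase64String($buf)

    [IO.File]::WriteAllBytes($OutFile, $cert.Export([X509ContentType]::Pkcs12, $password))
    # The password is returned to the caller, not written to the console.
    [pscustomobject]@{ Path = $OutFile; Thumbprint = $cert.Thumbprint; Password = $password }
}

# Constructed sample input: a throwaway self-signed certificate stands in for the Key Vault secret.
$rsa    = [RSA]::Create(2048)
$req    = [CertificateRequest]::new('CN=example.test', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$self   = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
$sample = [Convert]::ToBase64String($self.Export([X509ContentType]::Pfx))

$out    = Join-Path ([IO.Path]::GetTempPath()) 'example-copy.pfx'
$result = ConvertTo-ProtectedPfx -SecretBase64 $sample -OutFile $out
"Wrote $($result.Path) for thumbprint $($result.Thumbprint)"

# The failure mode from the question: an empty value is rejected before any file is created.
try { ConvertTo-ProtectedPfx -SecretBase64 '' -OutFile $out } catch { "Rejected: $($_.Exception.Message)" }
```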
