How can I retrieve the PFX Password of a generated Azure Key Vault certificate?

Question

Azure Key Vault allows you to generate certificates right in the GUI. After, you can download these certificates as a pfx file.

Are these pfx files password protected? I am trying to use this certificate somewhere and it won't let me proceed without a password.

Answer 1

The downloaded pfx has a blank password. Leave it empty to install localy and then export with your own password.

Answer 2

Using the following PowerShell script for AzureRM I can export a pfx from the Key Vault with a password:

# Replace these variables with your own values
$vaultName = "<KEY_VAULT>"
$certificateName = "<CERTIFICATE_NAME>"
$pfxPath = [Environment]::GetFolderPath("Desktop") + "\$certificateName.pfx"
$password = "<PASSWORD>"

$pfxSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certificateName
$pfxUnprotectedBytes = [Convert]::FromBase64String($pfxSecret.SecretValueText)
$pfx = New-Object Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($pfxUnprotectedBytes, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
$pfxProtectedBytes = $pfx.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password)
[IO.File]::WriteAllBytes($pfxPath, $pfxProtectedBytes)

Credit goes to Brendon Coombes in his blog post.