Reputation: 49
Azure key vault certificate import cannot handle BEGIN RSA PRIVATE KEY
I am trying to import a certificate.pem file to an azure key vault in the certificate section, that looks like this:
-----BEGIN RSA PRIVATE KEY-----
{my key}
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
{my certificate}
-----END CERTIFICATE-----
However I get the error message:
The specified PEM X.509 certificate content is in an unexpected format. Please check if certificate is in valid PEM format.
When I upload the certificate as this:
-----BEGIN PRIVATE KEY-----
{my key}
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
{my certificate}
-----END CERTIFICATE-----
I am getting the error:
The type of the private key of the X.509 certificate content is not supported. Supported key types are: [ec, ec-hsm, rsa, rsa-hsm].
Can you tell me why I am not able to upload the certificate?
Under https://www.sslshopper.com/certificate-key-matcher.html I checked the key and the certificate and everything seems fine there when I type in the key with "BEGIN RSA PRIVATE KEY".
Upvotes: 0
Views: 2254
Answers (1)
Reputation: 49
It seems that azure-key vault does not want you to upload private keys in RSA format:
-----BEGIN RSA PRIVATE KEY-----
{my key}
-----END RSA PRIVATE KEY-----
You can use openssl to convert it to PKCS8 private key:
openssl pkcs8 -topk8 -nocrypt -in certificate.pem
This command will you give you a private key in PKCS8 format:
-----BEGIN PRIVATE KEY-----
{my key}
-----END PRIVATE KEY-----
Upvotes: 1
Related Questions
- How to create .pfx file from certificate and private key?
- Sign a CSR with Azure Key Vault
- Differences between "BEGIN RSA PRIVATE KEY" and "BEGIN PRIVATE KEY"
- Import a pem format public key using import_key API of Azure key vault (python)
- Import Keystore and Truststore to Azure Key vault
- How to configure RSA HSM private and public key in microsoft azure vault?
- Azure Key Vault Protecting Certificate