Marvin Core

Reputation: 49

Azure Certificate import - Bad Parameter

I am creating an Azure certificate like this:

az keyvault certificate create --name testName -p "$(az keyvault certificate get-default-policy)" --vault-name keyvaulttest01

Then I am importing a certificate like this:

az keyvault certificate import --file test.pem --name testName --vault-name keyvaultest01

After running the import I get the following error:

(BadParameter) The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format. Code: BadParameter Message: The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format.

My test.pem file has the following format:

-----BEGIN PRIVATE KEY-----
….
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
….
-----END CERTIFICATE-----

I thought my test.pem file had a problem, so I tried to upload it manually in the Azure UI, and it worked.

The strange thing is, after uploading it via the Azure UI, suddenly my import command is also working.

So it seems that my PEM file is all right, but somehow the Azure CLI has some problems. Does anyone have an idea how to solve this?

UPDATE:

With the help of another user, I am now using the following code to import the certificate:

policy=$(az keyvault certificate get-default-policy | sed 's$application/x-pkcs12$application/x-pem-file$')
az keyvault certificate import --file test.pem --name testName --vault-name keyvaultest01 --policy $policy

Here I am now getting the error:

Failed to parse string as JSON:
{
Error detail: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)

The policy looks like this:

{
  "issuerParameters": {
    "certificateTransparency": null,
    "name": "Self"
  },
  "keyProperties": {
    "curve": null,
    "exportable": true,
    "keySize": 2048,
    "keyType": "RSA",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90
      }
    }
  ],
  "secretProperties": {
    "contentType": "application/x-pem-file"
  },
  "x509CertificateProperties": {
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "CN=CLIGetDefaultPolicy",
    "validityInMonths": 12
  }
}

Upvotes: 0

Views: 623

Answers (1)

Heath

Reputation: 3301

The default certificate policy uses contentType application/x-pkcs12 (PFX). You need application/x-pem-file when importing the certificate. There's no need to create the certificate, though: you're creating a second version of the same name when you import. The PEM file should contain both the private and public keys.

policy=$(az keyvault certificate get-default-policy | sed 's$application/x-pkcs12$application/x-pem-file$')
az keyvault certificate import --file test.pem --name testName --vault-name keyvaultest01 --policy "$policy"

Upvotes: 0
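The script below is an added example, not code from the question or the answer above. It packages the answer's approach as a small shell helper with the checks a practitioner would want before pushing private key material at a vault: it verifies the PEM file really contains one unencrypted private key plus a certificate (what application/x-pem-file expects), rewrites only the contentType of the default policy, and shows why the policy variable has to be double-quoted. Assumptions: the Azure CLI (az) is installed and logged in; the vault name keyvaultest01 and certificate name testName are taken from the question; SAMPLE_PEM and SAMPLE_POLICY are constructed placeholders (no real key material) used only for the offline checks.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Assumed: "az" on PATH and logged in; vault keyvaultest01 and cert testName
# are the names used in the question.

# 1. Sanity-check the PEM before sending it anywhere. A Key Vault PEM import
#    needs exactly one private key block and at least one certificate block in
#    the same file. The key pattern deliberately does not match
#    "ENCRYPTED PRIVATE KEY", so password-protected keys are rejected here.
pem_has_key_and_cert() {
  pem="$1"
  [ -r "$pem" ] || return 1
  # grep -c exits 1 when the count is 0; "|| true" keeps the printed "0".
  keys=$(grep -c -E '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" || true)
  certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$pem" || true)
  [ "$keys" -eq 1 ] && [ "$certs" -ge 1 ]
}

# 2. Turn the CLI's default policy (PFX) into a PEM import policy by changing
#    only the quoted contentType value. Reads JSON on stdin, writes it on stdout.
pem_policy() {
  sed 's#"application/x-pkcs12"#"application/x-pem-file"#'
}

# 3. Why "$policy" must be quoted: unquoted, the shell word-splits the
#    multi-line JSON, so the CLI receives "{" as the whole --policy value,
#    which is exactly the "Failed to parse string as JSON: {" error.
count_args() { echo "$#"; }

# 4. Import in one step. No prior "az keyvault certificate create" is needed;
#    import creates the certificate object (or a new version of an existing name).
import_pem_cert() {
  vault="$1"; name="$2"; pem="$3"
  pem_has_key_and_cert "$pem" || {
    echo "refusing to import $pem: need one unencrypted private key and a certificate in one PEM file" >&2
    return 1
  }
  policy=$(az keyvault certificate get-default-policy | pem_policy)
  az keyvault certificate import --vault-name "$vault" --name "$name" \
    --file "$pem" --policy "$policy"
}

# Constructed sample inputs for offline checks (placeholder bodies, not real keys).
SAMPLE_PEM='-----BEGIN PRIVATE KEY-----
MIIE...placeholder...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIID...placeholder...
-----END CERTIFICATE-----'

SAMPLE_POLICY='{
  "secretProperties": {
    "contentType": "application/x-pkcs12"
  }
}'

# Usage (not run here): import_pem_cert keyvaultest01 testName test.pem
```

Two practitioner notes: once the import succeeds, the private key lives in the vault and the local test.pem is a credential to remove or lock down, not a scratch file; and the default policy carries "exportable": true, so if nothing needs to pull the private key back out of the vault later, set it to false in the policy you pass to --policy.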
