goc

Reputation: 33

Is it possible to store the Microsoft RSA Root Certificate Authority 2017 certificate in Key Vault?

When I try to store the certificate, I get the following message:

az keyvault certificate import --vault-name vault01 --name "MicrosoftRSA2017" --file "Microsoft RSA Root Certificate Authority 2017.crt"

(BadParameter) No certificate with private key found in the specified X.509 certificate content. Please specify X.509 certificate content with only one certificate containing private key. Code: BadParameter Message: No certificate with private key found in the specified X.509 certificate content. Please specify X.509 certificate content with only one certificate containing private key


Upvotes: 0

Views: 47

Answers (1)

Rukmini

Reputation: 16064

I have a sample Microsoft RSA Root Certificate Authority 2017.crt certificate:


When I tried to store the certificate, I got the same error:


The error "No certificate with private key found in the specified X.509 certificate content" usually occurs if you're trying to import a certificate without an associated private key, which is required for Key Vault to store it as a certificate.

  • The "Microsoft RSA Root Certificate Authority 2017" certificate is a public certificate, and it doesn’t contain a private key.

To resolve the error, check the following:

  • Store the certificate as a secret: Instead of using the --file option with the .crt file directly, you should base64 encode the certificate file and then upload it as a secret.
base64 "Microsoft RSA Root Certificate Authority 2017.crt" > encoded_cert.txt

az keyvault secret set --vault-name rukkkkkv33 --name "MicrosoftRSA2017" --value "$(cat encoded_cert.txt)"


Otherwise, you can convert the certificate to PFX format:

  • Uploading as a certificate into Key Vault requires both private key and public key.
  • If you have the private key (for example, if it’s stored somewhere else), you can combine the public certificate and private key into a PFX file like below:
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in "Microsoft RSA Root Certificate Authority 2017.crt"

Then you can upload this .pfx file into Key Vault:

az keyvault certificate import --vault-name vault01 --name "MicrosoftRSA2017" --file certificate.pfx

If you do not have the private key, then upload the certificate as a secret in Key Vault.

Upvotes: 0
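
The following is an added example, not part of the question or the answer above: shell helpers that decide whether a file can go through `az keyvault certificate import` or has to be stored with `az keyvault secret set`, and that let a consumer check a retrieved base64 secret against a SHA-256 digest recorded when the certificate was stored. The function names, the sample bytes and the idea of a digest pinned out of band are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the answer above. Needs grep, base64, sha256sum.

# Print "certificate" if FILE holds a PEM private key, which
# `az keyvault certificate import` requires; otherwise print "secret".
# Assumption: FILE is PEM or DER; PFX containers are not inspected.
kv_object_type() {
    if grep -qE -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo certificate
    else
        echo secret
    fi
}

# Single-line base64 of FILE: the value for `az keyvault secret set --value`.
encode_for_secret() { base64 < "$1" | tr -d '\n'; }

# SHA-256 (hex) of the bytes that a base64 secret VALUE decodes to.
digest_of_secret() { printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1; }

# Consumer-side check: succeed only if VALUE decodes to the bytes whose
# SHA-256 was recorded out of band when the certificate was stored.
verify_secret() { [ "$(digest_of_secret "$1")" = "$2" ]; }

# Demo on constructed sample input (stand-in bytes, not a real certificate).
demo() {
    local dir crt value pinned
    dir=$(mktemp -d)
    crt="$dir/root.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$crt"
    echo "store as: $(kv_object_type "$crt")"
    pinned=$(sha256sum "$crt" | cut -d' ' -f1)
    value=$(encode_for_secret "$crt")
    verify_secret "$value" "$pinned" && echo "round trip ok: $pinned"
    # A value that was changed in the vault no longer matches the pinned digest.
    verify_secret "$(printf 'tampered' | base64)" "$pinned" || echo "mismatch detected"
    rm -rf "$dir"
}
demo
```

A secret is an opaque string to Key Vault, so comparing the decoded bytes with a digest kept outside the vault is what tells a consumer that the stored root certificate is still the one that was uploaded.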
