Is it possible to store the Microsoft RSA Root Certificate Authority 2017 certificate in Key Vault?
When I try to store the certificate, I get the following message:
az keyvault certificate import --vault-name vault01 --name "MicrosoftRSA2017" --file "Microsoft RSA Root Certificate Authority 2017.crt"
(BadParameter) No certificate with private key found in the specified X.509 certificate content. Please specify X.509 certificate content with only one certificate containing private key. Code: BadParameter Message: No certificate with private key found in the specified X.509 certificate content. Please specify X.509 certificate content with only one certificate containing private key
.
I have a sample Microsoft RSA Root Certificate Authority 2017.crt certificate:
When I tried to store the certificate, I got the same error:
The error "No certificate with private key found in the specified X.509 certificate content" usually occurs if you're trying to import a certificate without an associated private key, which is required for Key Vault to store it as a certificate.
- The "Microsoft RSA Root Certificate Authority 2017" certificate is a public certificate, and it doesn’t contain a private key,
To resolve the error, check the below:
- Store the certificate as a secret: Instead of using the
--fileoption with the.crtfile directly, you should base64 encode the certificate file and then upload it as a secret.
base64 "Microsoft RSA Root Certificate Authority 2017.crt" > encoded_cert.txt
az keyvault secret set --vault-name rukkkkkv33 --name "MicrosoftRSA2017" --value "$(cat encoded_cert.txt)"
Otherwise, you can Convert the certificate to a PFX format:
- Uploading as a certificate into Key Vault requires both private key and public key.
- If you have the private key (for example, if it’s stored somewhere else), you can combine the public certificate and private key into a PFX file like below:
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in Microsoft RSA Root Certificate Authority 2017.crt
Then you can upload this.pfx file into Key Vault:
az keyvault secret set --vault-name vault01 --name "MicrosoftRSA2017" --file "Microsoft RSA Root Certificate Authority 2017.crt"
If you do not have private key, then upload certificate as secret in key vault.
- Is it possible to store the Microsoft RSA Root Certificate Authority 2017 certificate in Key Vault?
- Service Connection permissions error when trying to access Azure Key vault secrets from within an Azure DevOps pipeline with the task AzureKeyVault@2
- Transfer encrypted dataprotection keys from a windows vm to azure keyvault
- How can I Get Started Using Certificates to Authenticate my APIs Using Azure Key Vault?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- referencing different subscription resource
- Terraform Error while trying to use Azure Key Vault Private Endpoint Resource
- How do I get a certificate (public and private key) into a windows container in AKS?
- Error while running Terraform Import Command to import Azure Key Vault
- Using azuresigntool in an Azure DevOps pipeline
- How to enable logging and speed up startup time for Azure App Configuration?
- How to pass secrets downloaded from Azure KeyVault as parameters to an Azure Function?
- Can we get secret value using dbutil in databricks from across envrionment?
- Use of HttpClient with a DelegatingHandler in Azure Durable Orchestrations
- ClickOnce signing via Azure Key Vault
- How to load secrets.json for the Local environment instead of Development in ASP.NET Core?
- Azure key vault certificate throws bad parameter error
- How to add new secrets (from Azure Key Vault) to the variable group in Azure Devops
- Retrieve Secret from Azure Key Vault fails in .NET Aspire, but works with curl
- Creating RSA Public Key From String throws exception
- Azure functions - where to store configuration values
- Is it possible to create multiple Key Vaults in the same resource group?
- Uses SQL connection strings from Azure Keyvault in Azure functions
- Azurerm: KeyVault Nested Item should contain 2 or 3 segments, got 10
- Key Vault Secret issue - Firewall is turned on and your client IP address is not authorized to access this key vault
- Need guidance on how to create Access Policy for Key Vault in a different group from ARM Template deployment
- Terraform set data source of key vault based on variable
- Link private endpoint connection with Azure Keyvault using ARM template
- Create Azure Key Vault backed secret scope in Databricks with AAD Token
- Azure KeyVault Secret near expiry list to email as a notification