Azure key vault to manage certificates

Question

Hello, I am having an Azure key-vault store and a CA trust root certificate provided by the trust authority - Sectigo. Now, I want to upload this certificate in my key-vault store. However, it says 'Private key is not specified in the specified X.509 PEM certificate content. Please specify private key in the X.509 PEM certificate content.' Can someone please help me out on this ? This PEM file I have created from the .CRT file provided by the CA trust authority Sectigo, using openssl command. Please let me know if I am missing anything here. @sauravmishra-msft would appreciate your help. Thanks in advance.

Answer 1

Hello @Sushil Yadav ,

Thanks for reaching out.

Azure Key Vault supports .pem and .pfx certificate files for importing Certificates into Key vault. We support the following type of Import for PEM file format. A single PEM encoded certificate along with a PKCS#8 encoded, unencrypted key which has the following

-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----

-----BEGIN PRIVATE KEY----- -----END PRIVATE KEY-----

When you are importing the certificate, you need to ensure that the key is included in the file itself. If you have the private key separately in a different format, you would need to combine the key with the certificate. Some certificate authorities provide certificates in different formats, therefore before importing the certificate, make sure that they are either in .pem or .pfx format.

Note: A certificate in .pem format, the private part should not be encrypted with RSA

For more information, read https://learn.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios#import-a-certificate

Hope this helps.

----------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.