question

PriyankaAgrawal-9915 avatar image
0 Votes"
PriyankaAgrawal-9915 asked FabianGonzalez-MSFT commented

Retrieving Certificate with complete chain from Azure KeyVault using Java SDK

I am using Azure Client SDK (azure-security-keyvault-certificates) to manage certificates in the Azure Key Vault. The certificate was uploaded with private key and complete certificate chain. I am using CertificateClient to retrieve the certificate :
https://docs.microsoft.com/en-us/java/api/com.azure.security.keyvault.certificates.certificateclient.getcertificate?view=azure-java-stable#com_azure_security_keyvault_certificates_CertificateClient_getCertificate_java_lang_String_

But this returns KeyVaultCertificate which only contains the public certificate and not the certificate chain. How can we export the CA Certifiacte Chain as well using the SDK.

Note : If I export the same certificate from Azure UI Portal, I can get the complete chain.

azure-key-vault
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@PriyankaAgrawal-9915 Thanks for reaching out and apologies for delay on this. Have you got it working by any chance, if yes, please share the solution so that the community can benefit. I will look into this as well to see what we can do here. Will update soon.

0 Votes 0 ·

1 Answer

FabianGonzalez-MSFT avatar image
0 Votes"
FabianGonzalez-MSFT answered FabianGonzalez-MSFT commented

Hey there @PriyankaAgrawal-9915!

Vipul pinged me to collaborate on this. I would like to ask if you've tried to retrieve the certificate as a secret? Because of the composition of a certificate​ in Key Vault the certificate might need to be downloaded like this.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Fabian, No I haven't tried to retrieve the certificate as a secret. When looking at the details of the certificate its secret identifier is not listed, Did I miss something when uploading the certificate?

0 Votes 0 ·

Here is a snip of what I am referring to

114205-image.png


0 Votes 0 ·
image.png (4.4 KiB)

Is it an EC-keyed certificate? If so, that's expected because the GUI still don't support such certificates. You should be able to see/get the secret if you run: Get-AzKeyVaultSecret -VaultName 'Contoso' -Name 'secret1'

0 Votes 0 ·