MSFTD3V-2692 asked (1 vote):

Creating a local PFX copy of App Service Certificate - Error in Script

In following a walkthrough of how to export my Azure Certificate here: https://azure.github.io/AppService/2017/02/24/Creating-a-local-PFX-copy-of-App-Service-Certificate.html

I kept running into an error after retrieving the keyVault:

New-Object : Exception calling ".ctor" with "3" argument(s): "Array may not be empty or null.
Parameter name: rawData"
At line:43 char:21
+ ... CertObject= New-Object System.Security.Cryptography.X509Certificates. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

You cannot call a method on a null-valued expression.
At line:47 char:5
+ [io.file]::WriteAllBytes(".\appservicecertificate.pfx",$pfxCertOb ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull


I discovered that this walkthrough is outdated and needs to be updated. You must update where it is grabbing the secret and using it to create the certificate:

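# -AsPlainText returns the secret value as a string (the Base64-encoded PFX)
$secret = Get-AzKeyVaultSecret -VaultName $keyVaultName -Name $keyVaultSecretName -AsPlainText
# Debug output: this prints the Base64-encoded PFX, private key included, to the console
Write-Host ($secret | Format-List | Out-String)
# Build the certificate from the decoded bytes (empty password, exportable private key)
$pfxCertObject= New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @([Convert]::FromBase64String($secret),"",[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)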


Hello @MSFTD3V-2692

Thank you so much for sharing this solution!!


1 Answer

SnehaAgrawal-MSFT answered (0 votes):

Apologies for the late response! Thanks for bringing this up. This blog is from 2017 and needs an update. We are internally working on this. Will update here accordingly.

To elaborate further: the attribute SecretValue is not available anymore. Check this GitHub discussion; SecretValueText has been deprecated since Az version 3.0.0: https://github.com/MicrosoftDocs/azure-docs/issues/64538

For now, it's suggested to use the portal to export App Service certificates as a mitigation.

Export Azure App Service Certificate & Upload to Azure App Service Website – .net dev life (wordpress.com)

Or, if you want a CLI, the command below can download it more easily:

https://docs.microsoft.com/en-us/cli/azure/keyvault/secret?view=azure-cli-latest#az_keyvault_secret_download

Also check this link, which might be helpful: https://docs.microsoft.com/en-us/answers/questions/366519/unable-to-export-app-service-certificate.html

Thanks-
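
An added example, not part of the posts above or of the 2017 walkthrough: the export wrapped in a function that fails with a clear message when the secret comes back empty (the cause of the "Array may not be empty or null" error), keeps the secret off the console, and writes a password-protected PFX. The function name `Export-AppServiceCertPfx` and its parameters are hypothetical; it assumes a signed-in Az session and an Az.KeyVault version that supports `-AsPlainText`.

```powershell
# Added example; Export-AppServiceCertPfx and its parameters are hypothetical names.
function Export-AppServiceCertPfx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VaultName,
        [Parameter(Mandatory)][string]$SecretName,
        [Parameter(Mandatory)][string]$OutFile,
        [Parameter(Mandatory)][securestring]$PfxPassword
    )

    # -AsPlainText returns the secret as a string: the Base64-encoded PFX.
    # The value is never written to the console or the pipeline.
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText

    # Guard for the failure in the question: an empty value is what makes the
    # X509Certificate2 constructor throw "Array may not be empty or null".
    if ([string]::IsNullOrWhiteSpace($secret)) {
        throw "No value returned for secret '$SecretName' in vault '$VaultName'."
    }

    $x509   = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $flags  = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    $pkcs12 = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12

    # Empty import password, as in the snippet from the question.
    $cert = $x509::new([Convert]::FromBase64String($secret), "", $flags)
    try {
        if (-not $cert.HasPrivateKey) {
            throw "Secret '$SecretName' decoded to a certificate without a private key."
        }
        # Re-export under the caller's password so the file on disk is protected.
        $pfxBytes = $cert.Export($pkcs12, $PfxPassword)

        # Resolve against PowerShell's location; .NET's working directory can differ.
        $fullPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutFile)
        [System.IO.File]::WriteAllBytes($fullPath, $pfxBytes)
        return $fullPath
    }
    finally {
        $cert.Dispose()
    }
}

# Usage (needs the Az.KeyVault module and a signed-in session via Connect-AzAccount):
#   $pw = Read-Host -Prompt 'PFX password' -AsSecureString
#   Export-AppServiceCertPfx -VaultName $keyVaultName -SecretName $keyVaultSecretName `
#       -OutFile .\appservicecertificate.pfx -PfxPassword $pw
```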


