Import-AzKeyVaultCertificate

Reference

Module:: Az.KeyVault

Imports a certificate to a key vault.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

Import-AzKeyVaultCertificate
      [-VaultName] <String>
      [-Name] <String>
      -FilePath <String>
      [-Password <SecureString>]
      [-Tag <Hashtable>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Import-AzKeyVaultCertificate
      [-VaultName] <String>
      [-Name] <String>
      -CertificateString <String>
      [-Password <SecureString>]
      [-Tag <Hashtable>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Import-AzKeyVaultCertificate
      [-VaultName] <String>
      [-Name] <String>
      [-CertificateCollection] <X509Certificate2Collection>
      [-Tag <Hashtable>]
      [-DefaultProfile <IAzureContextContainer>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

The Import-AzKeyVaultCertificate cmdlet imports a certificate into a key vault. You can create the certificate to import by using one of the following methods:

Use Add-AzKeyVaultCertificate to create a certificate signing request and submit it to a certificate authority. See https://docs.microsoft.com/azure/key-vault/certificates/create-certificate-signing-request
Use an existing certificate package file, such as a .pfx or .p12 file, which contains both the certificate and private key.

Examples

Example 1: Import a key vault certificate

$Password = ConvertTo-SecureString -String "123" -AsPlainText -Force
Import-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "ImportCert01" -FilePath "C:\Users\contosoUser\Desktop\import.pfx" -Password $Password

Name        : importCert01
Certificate : [Subject]
                CN=contoso.com

              [Issuer]
                CN=contoso.com

              [Serial Number]
                XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

              [Not Before]
                2/8/2016 3:11:45 PM

              [Not After]
                8/8/2016 4:21:45 PM

              [Thumbprint]
                XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Thumbprint  : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags        :
Enabled     : True
Created     : 2/8/2016 11:50:43 PM
Updated     : 2/8/2016 11:50:43 PM

The first command uses the ConvertTo-SecureString cmdlet to create a secure password, and then stores it in the $Password variable. The second command imports the certificate named ImportCert01 into the CosotosoKV01 key vault.

Parameters

-CertificateCollection

Specifies the certificate collection to add to a key vault.

Type:	X509Certificate2Collection
Position:	2
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-CertificateString

Specifies a certificate string.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-FilePath

Specifies the path of the certificate file that this cmdlet imports.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Name

Specifies the certificate name. This cmdlet constructs the fully qualified domain name (FQDN) of a certificate from key vault name, currently selected environment, and certificate name.

Type:	String
Aliases:	CertificateName
Position:	1
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-Password

Specifies the password for a certificate file.

Type:	SecureString
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Tag

Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"}

Type:	Hashtable
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-VaultName

Specifies the key vault name into which this cmdlet imports certificates. This cmdlet constructs the fully qualified domain name (FQDN) of a key vault based on the name and currently selected environment.