How to serialize and de-serialize a PFX certificate in Azure Key Vault?

0 votes

I have a bunch of strings and pfx certificates, which I want to store in Azure Key vault, where only allowed users/apps will be able to get them. 

It is not hard to do store a string as a Secret, but how can I serialize a certificate in such way that I could retrieve it and de-serialize as an "X509Certificate2" (msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2(v=vs.110).aspx) object in C#?

I tried to store it as a key. Here is the Azure powershell code:

$securepfxpwd = ConvertTo-SecureString -String 'superSecurePassword' -AsPlainText -Force
$key = Add-AzureKeyVaultKey -VaultName 'UltraVault' -Name 'MyCertificate' -KeyFilePath 'D:\Certificates\BlaBla.pfx' -KeyFilePassword $securepfxpwd

But when I tried to get it with GetKeyAsync method, I couldn't use it.

Sep 24, 2018 in Azure by null_void
• 3,220 points

edited Sep 24, 2018 by null_void 63 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes
Best answer

Here's a PowerShell script for you. Replace the file path, password, vault name, secret name.

$pfxFilePath = 'C:\mycert.pfx'
$pwd = '123'
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 
$collection.Import($pfxFilePath, $pwd, $flag)
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText Force
$secretContentType = 'application/x-pkcs12'
Set-AzureKeyVaultSecret -VaultName 'myVaultName' -Name 'mySecretName' -SecretValue $Secret -ContentType $secretContentType

This is a common question, so we are going to polish this up and release as a helper.

The script above strips the password because there's no value in having a password protected PFX and then storing the password next to it.

answered Sep 24, 2018 by club_seesharp
• 3,450 points

selected Sep 24, 2018 by null_void

Related Questions In Azure

0 votes
2 answers
0 votes
1 answer

Azure Blob: How to open a file in browser without downloading it?

First, because I was using a byte[] the controller ...READ MORE

answered Jun 20, 2018 in Azure by club_seesharp
• 3,450 points
1,712 views
0 votes
1 answer

How to get the list of names of Azure blob files in a container?

We can get some additional info like Size, ...READ MORE

answered Jun 27, 2018 in Azure by club_seesharp
• 3,450 points
209 views
+1 vote
2 answers

How do I establish an connection to Azure IoT Hub? Say a connection like MQTT/AMQP using Python.

Azure IoT Hub comes with 3 SDK's: Service SDK Device ...READ MORE

answered Apr 13, 2018 in Azure by null_void
• 3,220 points
390 views
0 votes
1 answer

How to upload a file on to Azure Blob storage without writing a code?

You can find the below tools useful ...READ MORE

answered Apr 13, 2018 in Azure by club_seesharp
• 3,450 points
70 views
0 votes
1 answer

Is there a logical difference between WebApp and API app in Azure?

Basically there was only minute differences between ...READ MORE

answered Apr 26, 2018 in Azure by null_void
• 3,220 points
20 views
0 votes
1 answer

How can I remove/hide/disable excessive HTTP response headers in Azure/IIS7 without having to use UrlScan?

MSDN published an article on how to ...READ MORE

answered May 21, 2018 in Azure by club_seesharp
• 3,450 points
236 views
0 votes
1 answer

How to determine the number of messages in an Azure Services Bus Queue?

You will get error when you try ...READ MORE

answered Jun 12, 2018 in Azure by null_void
• 3,220 points
46 views
0 votes
2 answers

How can I download a .vhd image to my local machine from azure and upload the same to a different azure account?

From the Windows Azure Portal you can ...READ MORE

answered Aug 20, 2018 in Azure by Priyaj
• 56,120 points
550 views
0 votes
1 answer

How to identify a deadlock in SQL Azure?

Monitoring of SQL Azure is more limited ...READ MORE

answered Jun 19, 2018 in Azure by club_seesharp
• 3,450 points
135 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.