Basically I'm trying to add a private certificate (.pfx file) to an Integration Account. I'm using the new portal.
What I've done/created:
Whenever I go to my Integration Account > Certificates > Add > choose [Certificate Type]="Private", the comboboxes Resource Group and Key Vault get filled automatically but the Key Name throws the following error:
Communication with key vault [MY_KEY_VAULT] failed. Please authorize logic apps to perform operations on key vault by granting access for the logic apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba' for 'list', 'get', 'decrypt' and 'sign' operations.
The weird thing is that the ObjectID 7cd684f4-8a78-49b0-91ec-6a35d38739ba does not belong to my AD but to my company AD.
Need to set access policy
When you create a private certificate, follow these steps:
Upload key to key vault
Set an access policy for the Logic Apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba'.
Set access policy:
# $servicePrincipal is the Logic Apps service principal quoted in the error message
$servicePrincipal = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'
Set-AzureRmKeyVaultAccessPolicy -VaultName 'IntegrationAccountVault1' -ServicePrincipalName $servicePrincipal -PermissionsToKeys decrypt, sign, get, list
In the integration account, use Add certificate and select the private certificate from the dropdown. Associate the key with the corresponding public certificate.
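The three steps above as one AzureRM PowerShell script, added here as an example and not part of the original answer. It uploads the .pfx into Key Vault as a key, grants the Logic Apps service principal named in the error message only the four key operations the error asks for (no secrets or certificates permissions), and then reads the vault's access policies back to confirm that exactly those permissions landed on that principal. The vault name is the one from the answer; the key name and .pfx path are assumed placeholders.

```powershell
# Added example, not the original answer's code. Assumes AzureRM is installed and
# Login-AzureRmAccount has already been run against the right subscription.
$vaultName        = 'IntegrationAccountVault1'                 # from the answer above
$keyName          = 'IntegrationAccountKey'                    # assumed placeholder
$pfxPath          = 'C:\certs\integration.pfx'                 # assumed placeholder
$servicePrincipal = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'     # Logic Apps principal from the error message

# Prompt for the .pfx password rather than embedding it in the script
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# 1. Upload the private key. 'Software' keeps it software-protected;
#    a Premium vault could use -Destination 'HSM' instead.
Add-AzureRmKeyVaultKey -VaultName $vaultName -Name $keyName `
    -KeyFilePath $pfxPath -KeyFilePassword $pfxPassword -Destination 'Software' | Out-Null

# 2. Least-privilege access policy: key operations only, and only the four
#    the error message lists. No -PermissionsToSecrets or -PermissionsToCertificates.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName `
    -ServicePrincipalName $servicePrincipal `
    -PermissionsToKeys decrypt, sign, get, list

# 3. Verify: resolve the principal's object id and compare the stored policy
#    against the expected permission set.
$sp     = Get-AzureRmADServicePrincipal -ServicePrincipalName $servicePrincipal
$policy = (Get-AzureRmKeyVault -VaultName $vaultName).AccessPolicies |
          Where-Object { $_.ObjectId -eq $sp.Id }

if ($null -eq $policy) {
    throw "No access policy found for service principal $servicePrincipal on $vaultName"
}

$expected = @('decrypt', 'sign', 'get', 'list')
$missing  = $expected | Where-Object { $policy.PermissionsToKeys -notcontains $_ }
$extra    = $policy.PermissionsToKeys | Where-Object { $expected -notcontains $_ }

if ($missing) { throw "Policy is missing key permissions: $($missing -join ', ')" }
if ($extra)   { Write-Warning "Policy grants more than needed: $($extra -join ', ')" }

"Access policy OK for $($sp.DisplayName): $($policy.PermissionsToKeys -join ', ')"
```

After the script reports the policy as OK, the Key Name dropdown in the Integration Account blade should list the uploaded key. The verification step matters because an access policy is set per vault and replaced wholesale on each call for a given principal, so a later `Set-AzureRmKeyVaultAccessPolicy` for the same principal can silently widen or narrow what Logic Apps is allowed to do.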