I've been following this guide to use a certificate to authenticate with key vault from azure batch. Every certificate I generate causes errors on import into azure batch, some examples are listed below:
code : InvalidPropertyValue message : The value provided for one of the properties in the request body is invalid. PropertyName: data Reason: The specified data and the password do not match
or
Unable to get property 'tbsCertificate' of undefined or null reference
or
Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?
Are there any requirements for the certificate that I'm not aware of? Alternatively is it possible to assign a managed identity or service principal to my Azure Batch Pool instead, if certificates are not working.
Using this article as a guide, I added the below options to the makecert command.
-a sha256 -len 2048
This certificate on it's own still wont work, you then need to run pvk2pfx with only the below options:
pvk2pfx -pvk batchcertificate.pvk -spc batchcertificate.cer
This opens the wizard, using which you then need to: