I have a certificate in Azure Key Vault. I want to use the root certificate of this certificate in the backend settings of Application Gateway.
I already used the Key Vault certificate in the listener for TLS termination with an Application Gateway ARM template using the property "sslCertificate".
I want to know whether there is any option to use the certificate from Key Vault and extract the root certificate from it using an ARM template, to use in the backend HTTPS settings of Application Gateway.
I want to know if there is any PowerShell command or ARM template option to extract the root certificate from Key Vault.
I want these to automate the deployment process and not do it manually.
I tried to upload the root certificate manually after downloading the certificate to my local machine as per the link here, and it is working fine manually.
I tried to reproduce the same in my environment and got the results below:
Created a key vault with a certificate using PowerShell like below:
Install-Module -Name Az.ManagedServiceIdentity
Connect-AzAccount
Select-AzSubscription -Subscription b83c1ed3-c5b6-44fb-b5bXXXX
$rgname = "<ResourcegroupName>"
$location = "EastUS"
$kv = "<keyvaultName>"
$appgwName = "<AppGw>"
# User-assigned identity that Application Gateway uses to read the certificate from Key Vault
$identity = New-AzUserAssignedIdentity -Name "appgwKeyVaultIdentity" -Location $location -ResourceGroupName $rgname
$keyVault = New-AzKeyVault -Name $kv -ResourceGroupName $rgname -Location $location
# The gateway identity only needs "get" on secrets (the certificate is served as a secret)
Set-AzKeyVaultAccessPolicy -VaultName $kv -PermissionsToSecrets get -ObjectId $identity.PrincipalId
# Self-signed certificate policy, renewed 30 days before expiry
$policy = New-AzKeyVaultCertificatePolicy -ValidityInMonths 12 `
-SubjectName "CN=www.contoso11.com" -IssuerName self `
-RenewAtNumberOfDaysBeforeExpiry 30
# Grant the signed-in user certificate permissions so Add-AzKeyVaultCertificate succeeds
Set-AzKeyVaultAccessPolicy -VaultName $kv -EmailAddress "<Your Email address>" -PermissionsToCertificates create,get,list
$certificate = Add-AzKeyVaultCertificate -VaultName $kv -Name "cert1" -CertificatePolicy $policy
$certificate = Get-AzKeyVaultCertificate -VaultName $kv -Name "cert1"
#$secretId = $certificate.SecretId.Replace($certificate.Version, "")
In the portal, the certificate was created successfully, like below:
To extract the root certificate from the key vault, make use of the PowerShell script below:
$vaultName = '<YourVault>'
$certificateName = '<YourCert>'
$password = '<YourPwd>'
# Key Vault stores the certificate and its private key as a Base64-encoded PFX in a secret of the same name
$pfxSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certificateName -AsPlainText
$secretByte = [Convert]::FromBase64String($pfxSecret)
# Load the PFX through the constructor (the instance Import method is not supported on PowerShell 7 / .NET Core);
# Exportable is required so the private key can be re-exported below
$x509Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $secretByte, $null, ([Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
# Re-export as a password-protected PFX
$pfxFileByte = $x509Cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password)
#Write to a file
New-Item -ItemType Directory -Path "C:\Temp" -Force | Out-Null
[IO.File]::WriteAllBytes("C:\Temp\YourCertificateName.pfx", $pfxFileByte)
In the folder, the certificate got exported successfully, like below:
Reference:
TLS termination using PowerShell - Azure Application Gateway | Microsoft Learn
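Added example, not code from the question or the answer above. The PFX the answer exports still holds the leaf certificate and its private key, whereas the backend HTTPS settings of a v2 Application Gateway need only the issuing root CA's public certificate as a Base64-encoded .cer (a v1 gateway instead takes the backend leaf's public key as an authentication certificate). The script below reads the same Key Vault secret, walks the certificate chain bundled in it, exports just the self-signed root, and attaches it to the backend HTTP setting with the same Az cmdlets the linked document uses. The vault, certificate, gateway, resource group and backend-setting names are assumptions. It goes beyond the answer's self-signed case by also handling a PFX that carries intermediates; for a self-signed certificate the leaf is its own root.

```powershell
# Added example, not part of the original question or answer.
# Assumed names: vault 'kv-demo', certificate 'cert1', gateway 'AppGw' in resource
# group 'rg-demo', backend HTTP setting 'appGatewayBackendHttpSettings'.
$vaultName       = 'kv-demo'
$certificateName = 'cert1'
$rgName          = 'rg-demo'
$appGwName       = 'AppGw'
$httpSettingName = 'appGatewayBackendHttpSettings'
$cerPath         = 'C:\Temp\backend-root.cer'

# 1. Key Vault serves the certificate (leaf + private key + any uploaded chain) as a
#    Base64-encoded PKCS#12 secret with the same name. The public-only view from
#    Get-AzKeyVaultCertificate carries no chain, so the secret is the only source.
$pfxBytes = [Convert]::FromBase64String(
    (Get-AzKeyVaultSecret -VaultName $vaultName -Name $certificateName -AsPlainText))

# 2. Import the whole bundle, not just the first certificate, so intermediates are kept.
$bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$bundle.Import($pfxBytes, $null,
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
$leaf = @($bundle | Where-Object { $_.HasPrivateKey })[0]
if (-not $leaf) { $leaf = $bundle[0] }

# 3. Walk the chain from the leaf. ExtraStore supplies the bundled CAs so a private
#    PKI resolves without installing anything in the machine store; unknown authority
#    is allowed because the goal is to find the root, not to trust it yet.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags =
    [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
$chain.ChainPolicy.ExtraStore.AddRange($bundle)
[void]$chain.Build($leaf)
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# A usable trust anchor is self-issued. If the last element is not, the PFX lacks
# the root and the CA certificate has to be obtained from the issuer instead.
if ($root.Subject -ne $root.Issuer) {
    throw "Chain for '$($leaf.Subject)' ends at '$($root.Subject)', which is not self-signed; the root is not in the Key Vault secret."
}

# 4. Application Gateway expects a Base64-encoded X.509 (.cer): export the public part only.
$der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = "-----BEGIN CERTIFICATE-----`n" +
       [Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks) +
       "`n-----END CERTIFICATE-----"
New-Item -ItemType Directory -Path (Split-Path $cerPath) -Force | Out-Null
Set-Content -Path $cerPath -Value $pem -Encoding Ascii
Write-Host "Root: $($root.Subject) thumbprint $($root.Thumbprint) -> $cerPath"

# 5. Attach the root to the backend HTTPS settings (v2 SKU).
$appGw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName
$appGw = Add-AzApplicationGatewayTrustedRootCertificate -ApplicationGateway $appGw `
    -Name 'backendRoot' -CertificateFile $cerPath
$trustedRoot = Get-AzApplicationGatewayTrustedRootCertificate -ApplicationGateway $appGw -Name 'backendRoot'
$appGw = Set-AzApplicationGatewayBackendHttpSetting -ApplicationGateway $appGw -Name $httpSettingName `
    -Port 443 -Protocol Https -CookieBasedAffinity Disabled -TrustedRootCertificate $trustedRoot
Set-AzApplicationGateway -ApplicationGateway $appGw | Out-Null
```

Two points worth keeping in mind when automating this. Reading the secret with -AsPlainText pulls the private key into the session even though only public material is needed, so run it from a pipeline identity scoped to that one secret and do not persist the PFX to disk. And for the ARM route the question asks about: the v2 schema accepts a keyVaultSecretId on a trustedRootCertificates entry, but that secret must contain the root certificate itself; the gateway does not derive the root from the leaf certificate referenced by sslCertificate, which is why a step like the one above (or a separate secret holding the root) is still required.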