I am trying to import a certificate.pem file to an azure key vault in the certificate section, that looks like this:
-----BEGIN RSA PRIVATE KEY-----
{my key}
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
{my certificate}
-----END CERTIFICATE-----
However I get the error message:
The specified PEM X.509 certificate content is in an unexpected format. Please check if certificate is in valid PEM format.
When I upload the certificate as this:
-----BEGIN PRIVATE KEY-----
{my key}
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
{my certificate}
-----END CERTIFICATE-----
I am getting the error:
The type of the private key of the X.509 certificate content is not supported. Supported key types are: [ec, ec-hsm, rsa, rsa-hsm].
Can you tell me why I am not able to upload the certificate?
Under https://www.sslshopper.com/certificate-key-matcher.html I checked the key and the certificate and everything seems fine there when I type in the key with "BEGIN RSA PRIVATE KEY".
It seems that azure-key vault does not want you to upload private keys in RSA format:
-----BEGIN RSA PRIVATE KEY-----
{my key}
-----END RSA PRIVATE KEY-----
You can use openssl to convert it to PKCS8 private key:
openssl pkcs8 -topk8 -nocrypt -in certificate.pem
This command will you give you a private key in PKCS8 format:
-----BEGIN PRIVATE KEY-----
{my key}
-----END PRIVATE KEY-----