
Azure key vault certificate throws bad parameter error


When I upload the certificate as this:

-----BEGIN CERTIFICATE-----
{my certificate}
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
{my key}
-----END PRIVATE KEY-----

I am getting the error:

The type of the private key of the X.509 certificate content is not supported. Supported key types are: [ec, ec-hsm, rsa, rsa-hsm].

Can you tell me why I am not able to upload the certificate?

https://docs.solarisgroup.co.uk/guides/encryption-examples/#Java

I am referring to the above link and trying to use the private/public keys used in this example.


Solution

  • Initially I used the same public and private key from the blog and created a .pem file. When I tried to upload it, I got the same error:

    The error "The type of the private key of the X.509 certificate content is not supported. Supported key types are: [ec, ec-hsm, rsa, rsa-hsm]." usually occurs if there is an issue with the private key being used or its format when you're attempting to upload the certificate to Azure Key Vault.

    • Azure Key Vault supports the following private key types: RSA, RSA-HSM, EC and EC-HSM.
    • The private key you're using seems to be in PKCS#1 format, which is the older format for RSA keys.

    Hence, to resolve the error and upload the cert to Azure Key Vault, check the below:

    # 1. Generate RSA private key
    openssl genpkey -algorithm RSA -out rsa_key.pem -pkeyopt rsa_keygen_bits:2048
    
    # 2. Generate CSR (Certificate Signing Request)
    openssl req -new -key rsa_key.pem -out csr.pem
    
    # 3. Generate self-signed certificate
    openssl x509 -req -in csr.pem -signkey rsa_key.pem -out cert.pem -days 3650
    
    # 4. Combine the private key and certificate into a single file
    copy cert.pem + rsa_key.pem combinedruk.pem
    

    Edit the file and remove the ? from the end of the file and save.

    Now I am able to upload the .pem file successfully.
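
Added example, not part of the original answer: a Python check to run on a combined PEM file before uploading it. It lists each block's label (which shows whether a key is PKCS#8 or PKCS#1) and flags any bytes outside the PEM blocks, on the assumption that the `?` removed above is the 0x1A end-of-file byte that `copy a + b` appends in text mode. The function names and the sample bundle are constructed for illustration.

```python
import base64
import re

# PEM block (RFC 7468): BEGIN/END lines with matching labels around base64 text.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Private-key labels and the encoding each label indicates.
KEY_ENCODINGS = {
    "PRIVATE KEY": "PKCS#8 (unencrypted)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
    "RSA PRIVATE KEY": "PKCS#1 (RSA)",
    "EC PRIVATE KEY": "SEC1 (EC)",
}

def lint_pem_bundle(data: bytes) -> dict:
    """Report block labels, key encodings and any bytes outside the PEM blocks."""
    labels, encodings, problems = [], [], []
    for m in PEM_BLOCK.finditer(data):
        label = m.group(1).decode("ascii")
        labels.append(label)
        if label in KEY_ENCODINGS:
            encodings.append(KEY_ENCODINGS[label])
        try:
            base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
    # Whatever is left after removing the blocks and whitespace is stray content.
    stray = PEM_BLOCK.sub(b"", data).strip(b" \t\r\n")
    if stray:
        problems.append(f"stray bytes outside PEM blocks: {stray!r}")
    return {"labels": labels, "key_encodings": encodings, "problems": problems}

def clean_pem_bundle(data: bytes) -> bytes:
    """Keep only the PEM blocks, normalised to LF line endings."""
    blocks = [m.group(0).replace(b"\r\n", b"\n") for m in PEM_BLOCK.finditer(data)]
    return b"\n".join(blocks) + b"\n"

def make_sample() -> bytes:
    """Constructed bundle: placeholder bodies, CRLF endings, trailing 0x1A byte."""
    body = base64.b64encode(b"constructed placeholder, not real key material")
    cert = b"-----BEGIN CERTIFICATE-----\r\n" + body + b"\r\n-----END CERTIFICATE-----\r\n"
    key = b"-----BEGIN PRIVATE KEY-----\r\n" + body + b"\r\n-----END PRIVATE KEY-----\r\n"
    return cert + key + b"\x1a"

if __name__ == "__main__":
    report = lint_pem_bundle(make_sample())
    print(report)
    print(lint_pem_bundle(clean_pem_bundle(make_sample())))
```

To check a real file, pass `open("combinedruk.pem", "rb").read()` to `lint_pem_bundle`; the placeholder bodies in the sample are not valid certificate or key material.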