Basically I'm trying to add a private certificate (.pfx file) to an Integration Account. I'm using the new portal.
What I've done/created:
Whenever I go to my Integration Account > Certificates > Add > choose [Certificate Type]="Private", the comboboxes Resource Group and Key Vault get filled automatically but the Key Name throws the following error:
Communication with key vault [MY_KEY_VAULT] failed. Please authorize logic apps to perform operations on key vault by granting access for the logic apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba' for 'list', 'get', 'decrypt' and 'sign' operations.
Weird stuff is that the ObjectID 7cd684f4-8a78-49b0-91ec-6a35d38739ba does not belong to my AD but to my company AD.
Need to set access policy
When you create a private certificate, follow these steps:
Upload key to key vault
Set access policy, where logic apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba'
Set access policy:
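$servicePrincipal = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'  # Logic Apps service principal from the error message
Set-AzureRmKeyVaultAccessPolicy -VaultName 'IntegrationAccountVault1' -ServicePrincipalName $servicePrincipal -PermissionsToKeys decrypt, sign, get, list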
In integration account, use add certificate and select private certificate from dropdown. Associate key with the corresponding public certificate.
The error message you have copied clearly says that the authorization step is missing. Need to authorize the Logic Apps to perform operations on Key Vault by granting access to the Logic Apps service principal ('7cd684f4-8a78-49b0-91ec-6a35d38739ba').
Execute the Set access policy given above.
I have copied the error you have posted for reference.
"Communication with key vault [MY_KEY_VAULT] failed. Please authorize logic apps to perform operations on key vault by granting access for the logic apps service principal '7cd684f4-8a78-49b0-91ec-6a35d38739ba' for 'list', 'get', 'decrypt' and 'sign' operations"
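A check to run after the Set-AzureRmKeyVaultAccessPolicy step in the answer above, as an added example that is not part of the original post: it confirms that the Logic Apps service principal holds the four key permissions named in the error message and flags anything granted beyond them. `Compare-KeyPermissions` is a hypothetical helper; the vault name and ID are the ones quoted on this page, and a signed-in AzureRM session is assumed.

```powershell
# Added example: verifies the policy set by Set-AzureRmKeyVaultAccessPolicy.
# Assumes the AzureRM module and a signed-in session (Login-AzureRmAccount).
$vaultName        = 'IntegrationAccountVault1'               # vault name used in the answer
$servicePrincipal = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'   # ID quoted in the error message
$required         = 'list', 'get', 'decrypt', 'sign'         # operations the error message asks for

function Compare-KeyPermissions {
    # Hypothetical helper: reports required permissions that are missing and
    # granted permissions that go beyond the required set (case-insensitive).
    param([string[]]$Granted, [string[]]$Required)
    $g = @($Granted  | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() })
    $r = @($Required | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() })
    [pscustomobject]@{
        Missing = @($r | Where-Object { $g -notcontains $_ })
        Extra   = @($g | Where-Object { $r -notcontains $_ })
    }
}

# Resolve the ID to its directory object in the signed-in tenant; access
# policies are keyed by that object ID.
$sp = Get-AzureRmADServicePrincipal -ServicePrincipalName $servicePrincipal
if (-not $sp) { throw "Service principal $servicePrincipal was not found in this tenant." }

$vault    = Get-AzureRmKeyVault -VaultName $vaultName
$policies = @($vault.AccessPolicies | Where-Object { "$($_.ObjectId)" -eq "$($sp.Id)" })
if ($policies.Count -eq 0) {
    throw "No access policy on '$vaultName' for service principal $servicePrincipal."
}

foreach ($policy in $policies) {
    $check = Compare-KeyPermissions -Granted $policy.PermissionsToKeys -Required $required
    if ($check.Missing.Count) { Write-Warning "Missing key permissions: $($check.Missing -join ', ')" }
    if ($check.Extra.Count)   { Write-Warning "Key permissions beyond the required four: $($check.Extra -join ', ')" }
    # The answer grants key permissions only; surface anything else.
    if ($policy.PermissionsToSecrets -or $policy.PermissionsToCertificates) {
        Write-Warning 'Secret or certificate permissions are also granted to this principal.'
    }
    if (-not $check.Missing.Count -and -not $check.Extra.Count) {
        Write-Output "Key permissions match: $($required -join ', ')"
    }
}
```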