I'm trying to set up Azure Key Vault so I can access it with a certificate from my PHP application. I'm trying to follow the steps at https://azurecto.com/azure-keyvault-authenticating-with-certificates-and-reading-secrets/, which says you have to create an AD application, but I'm getting error messages. This is what I tried.
A. I already have a self-signed .pfx file on my Windows machine.
B. Because I already have a .pfx file, I changed his steps a bit. I import the .pfx file into the console with
$cert = Get-PfxCertificate -FilePath "C:\azurecrt.pfx"
C. Then it says to create some variables
$vaultName = 'Picklistsca1'
$dnsName = 'picklistsfakeurl.ca'
$dummyUrl = "http://$dnsName/"
D. Then it says to call New-AzureRmADApplication. This is where I get into trouble.
$app = New-AzureRmADApplication `
    -DisplayName $dummyUrl `
    -HomePage $dummyUrl `
    -IdentifierUris $dummyUrl `
    -CertValue $cert `
    -StartDate '2018-04-07 6:40:23 PM' `
    -EndDate '2019-04-07 6:40:23 PM'
I get the error message "New-AzureRmADApplication : Cannot convert a primitive value to the expected type 'Edm.Binary'. See the inner exception for more details."
I think this is because the $cert has to be in base64 format, but everything I've tried to convert it to base64 fails. For example I've tried
$bytes = [System.IO.File]::ReadAllBytes("C:\azurecrt.pfx")
$b64 = [System.Convert]::ToBase64String($bytes)
Then replace $cert with $b64 in New-AzureRmADApplication. That gives me the error "New-AzureRmADApplication : Invalid certificate: Key value is invalid certificate"
Any advice would be greatly appreciated. Thanks
I'm trying to set up Azure Key Vault so I can access with a certificate from my PHP application
You could get the answer and demo code from this tutorial. As juunas mentioned, you need a .cer file.
Following is the snippet from the tutorial
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificate.Import('c:\location\certificate.cer') # need a .cer file.
$startDate = $certificate.GetEffectiveDateString()
$endDate = $certificate.GetExpirationDateString()
$credValue = [System.Convert]::ToBase64String($certificate.GetRawCertData())
$azureADApplication = New-AzureRmADApplication -DisplayName "{application name}" -HomePage "{application page}" -IdentifierUris "{application page}" -KeyValue $credValue -KeyType "AsymmetricX509Cert" -KeyUsage "Verify" -StartDate $startDate -EndDate $endDate
Update:
I have updated the code as follows. I have tested it on my side.
$credValue = [System.Convert]::ToBase64String($certificate.GetRawCertData())
$azureADApplication = New-AzureRmADApplication -DisplayName "{application name}" -HomePage "{application page}" -IdentifierUris "{application page}" -CertValue $credValue -StartDate $startDate -EndDate $endDate
$azureADApplication.ApplicationId
$principal = New-AzureRmADServicePrincipal -ApplicationId $azureADApplication.ApplicationId
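The same procedure starting from the .pfx the question already has, as an added example that is not part of the question, the answer or the linked tutorial. It assumes the AzureRM module is loaded and an Azure session exists; the path, DNS name and vault name are taken from the question, and the Key Vault permissions granted are an assumption about what the PHP client needs.

```powershell
# Added example: build the AD application's certificate credential from a .pfx,
# so only the public certificate (DER, base64) is sent to Azure AD and the
# private key stays in the .pfx for the PHP client. Values below are assumptions.
$pfxPath   = 'C:\azurecrt.pfx'          # path from the question
$vaultName = 'Picklistsca1'             # vault name from the question
$dummyUrl  = 'http://picklistsfakeurl.ca/'

# Get-PfxCertificate prompts for the .pfx password and returns an X509Certificate2.
# Passing that object as -CertValue fails ('Edm.Binary'), and base64 of the whole
# .pfx fails too ('Key value is invalid certificate'): -CertValue wants only the
# base64 of the DER public certificate, i.e. the contents of a .cer file.
$cert = Get-PfxCertificate -FilePath $pfxPath

# GetRawCertData() returns exactly that DER encoding of the public certificate.
$credValue = [System.Convert]::ToBase64String($cert.GetRawCertData())

# Sanity check before uploading: rebuild a certificate from the value we are about
# to send and confirm it carries no private key and matches the .pfx thumbprint.
$publicOnly = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (,[System.Convert]::FromBase64String($credValue))
if ($publicOnly.HasPrivateKey -or $publicOnly.Thumbprint -ne $cert.Thumbprint) {
    throw "Credential value does not match the public certificate in $pfxPath"
}

# Take the validity window from the certificate itself rather than hand-typed
# dates, so the credential in Azure AD cannot outlive the certificate.
$app = New-AzureRmADApplication -DisplayName $dummyUrl -HomePage $dummyUrl `
    -IdentifierUris $dummyUrl -CertValue $credValue `
    -StartDate $cert.NotBefore -EndDate $cert.NotAfter

# The service principal is the identity that Key Vault access policies refer to.
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId

# Least privilege: grant only the secret permissions the PHP app needs (assumed
# here to be read-only access to secrets).
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName `
    -ServicePrincipalName $app.ApplicationId `
    -PermissionsToSecrets get,list

# The PHP client needs the ApplicationId (client id), the tenant id and the .pfx.
"ApplicationId: $($app.ApplicationId)  Thumbprint: $($cert.Thumbprint)"
```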