
Azure Authentication With Certificate Setup

I'm trying to set up Azure Key Vault so I can access it with a certificate from my PHP application. I'm trying to follow the steps at https://azurecto.com/azure-keyvault-authenticating-with-certificates-and-reading-secrets/ , which says you have to create an AD application, but I'm getting error messages. This is what I tried.

A. I already have a self-signed .pfx file on my Windows machine.

B. Because I already have a .pfx file, I change up his steps a bit. I import the .pfx file into the console with

$cert = Get-PfxCertificate -FilePath "C:\azurecrt.pfx"

C. Then it says to create some variables

$vaultName = 'Picklistsca1'
$dnsName = 'picklistsfakeurl.ca'
$dummyUrl = "http://$dnsName/"

D. Then it says call New-AzureRmADApplication. This is where I get into trouble.

$app = New-AzureRmADApplication `
    -DisplayName $dummyUrl `
    -HomePage $dummyUrl `
    -IdentifierUris $dummyUrl `
    -CertValue $cert `
    -StartDate '2018-04-07 6:40:23 PM' `
    -EndDate '2019-04-07 6:40:23 PM'

I get the error message "New-AzureRmADApplication : Cannot convert a primitive value to the expected type 'Edm.Binary'. See the inner exception for more details."

I think this is because the $cert has to be in base64 format, but everything I've tried to convert it to base64 fails. For example I've tried

$bytes = [System.IO.File]::ReadAllBytes("C:\azurecrt.pfx")
$b64 = [System.Convert]::ToBase64String($bytes)

Then replace $cert with $b64 in New-AzureRmADApplication. That gives me the error "New-AzureRmADApplication : Invalid certificate: Key value is invalid certificate"

Any advice would be greatly appreciated. Thanks

I'm trying to set up Azure Key Vault so I can access with a certificate from my PHP application

You could get the answer and demo code from this tutorial. As juunas mentioned, you need a .cer file.

Following is the snippet from the tutorial

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificate.Import('c:\location\certificate.cer') # need a .cer file.
$startDate = $certificate.GetEffectiveDateString()
$endDate = $certificate.GetExpirationDateString()
$credValue = [System.Convert]::ToBase64String($certificate.GetRawCertData())
$azureADApplication = New-AzureRmADApplication -DisplayName "{application name}" -HomePage "{application page}" -IdentifierUris "{application page}" -KeyValue $credValue -KeyType "AsymmetricX509Cert" -KeyUsage "Verify" -StartDate $startDate -EndDate $endDate

Update:

I have updated the code as following. I have tested it on my side.

$credValue = [System.Convert]::ToBase64String($certificate.GetRawCertData())
$azureADApplication = New-AzureRmADApplication -DisplayName "{application name}" -HomePage "{application page}" -IdentifierUris "{application page}" -CertValue $credValue  -StartDate $startDate -EndDate $endDate
$azureADApplication.ApplicationId
$principal= New-AzureRmADServicePrincipal -ApplicationId $azureADApplication.ApplicationId

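To apply the answer's approach when all you have is the .pfx (the asker's situation), here is an added PowerShell example that is not from the original post or the tutorial; the file path, the password prompt and the display/identifier URLs are placeholders taken from the question. It exports only the DER public certificate from the .pfx, base64-encodes that, and checks the value before calling Azure.

```powershell
# Added example (not from the original post or the tutorial): derive the value
# New-AzureRmADApplication -CertValue expects from an existing .pfx, without
# first producing a .cer file. Path and names are placeholders from the question.

$pfxPath     = 'C:\azurecrt.pfx'                        # placeholder path
$pfxPassword = Read-Host -AsSecureString 'PFX password'

# Load the .pfx as an X509Certificate2 so we can export the public part on its own
# (Get-PfxCertificate returns the same type, but this accepts the password non-interactively).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPassword)

# What the question base64-encoded: the whole PKCS#12 container, private key included.
# That is not a DER X.509 certificate, hence "Key value is invalid certificate".
$wholePfxB64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($pfxPath))

# What the cmdlet wants: only the DER-encoded public certificate, base64-encoded.
# Export(Cert) never includes the private key, so nothing secret is sent to Azure AD.
$certType  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$credValue = [Convert]::ToBase64String($cert.Export($certType))

# Sanity checks before calling Azure: the value must not be the full PFX, must decode
# back to the same certificate (same thumbprint), and must carry no private key.
if ($credValue -eq $wholePfxB64) { throw 'Exported value is still the full PFX' }
$roundTrip = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($credValue))
if ($roundTrip.Thumbprint -ne $cert.Thumbprint) { throw 'Round-trip thumbprint mismatch' }
if ($roundTrip.HasPrivateKey) { throw 'Exported value must not contain a private key' }

# Use the certificate's own validity window instead of hand-typed dates.
$dummyUrl = 'http://picklistsfakeurl.ca/'               # placeholder from the question
$app = New-AzureRmADApplication -DisplayName $dummyUrl -HomePage $dummyUrl `
    -IdentifierUris $dummyUrl -CertValue $credValue `
    -StartDate $cert.NotBefore -EndDate $cert.NotAfter
$principal = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId

# The PHP client authenticates with the private key from the .pfx and presents this thumbprint.
"ApplicationId: $($app.ApplicationId)  Thumbprint: $($cert.Thumbprint)"
```

The .pfx itself (and its password) stays on the client that signs the token requests; only the base64 DER certificate and the resulting ApplicationId are shared with Azure AD.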
