10

I have the below piece of code to download cert from Azure Key Vault.

    $secretName = "TestCert"
    $kvSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certificateName
    $kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText)
    $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $certCollection.Import($kvSecretBytes,$null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)

But while importing the cert into the certCollection, the Import method throws the error below.

    Exception calling "Import" with "3" argument(s): "Cannot find the requested object.
    "
    At C:\Users\abc\Desktop\test2.ps1:8 char:1
    + $certCollection.Import($kvSecretBytes,$null,[System.Security.Cryptogr ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : CryptographicException

Greatly appreciate help with this. Thanks

2 Answers

6

Change the code like this and you are good to go!

    $secretName = "TestCert"
    $kvSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certificateName
    # The secret value is Base64-encoded JSON text, so decode it to a string first
    $kvSecretBytes = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($kvSecret.SecretValueText))
    $jsonCert = ConvertFrom-Json($kvSecretBytes)
    # 'data' holds the Base64-encoded certificate bytes, 'password' the password used for the import
    $certBytes = [System.Convert]::FromBase64String($jsonCert.data)
    $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $certCollection.Import($certBytes,$jsonCert.password,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)

5 Comments

Yes, just got this from one of my colleagues, and thank you so much for sharing this piece of code here. And yes, it's working.
@Eienkei, I am getting this error: "Import" with "3" argument(s): "The parameter is incorrect.". Kindly look if you can help. Thanks
@DeepakTatyajiAhire did you manage to solve this? I have encountered the same problem. The parameter is incorrect.
This only fixes "Cannot find the requested object". If you have another related issue, it's probably because you use Get-AzureKeyVaultCertificate instead of a secret.
This is also useful thomasrayner.ca/… #justsaying
0

I have been struggling for more than 2 hours to run the code and after several trials this code snippet worked for me. You can follow this as well.

    $pfxSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certificateName -AsPlainText
    $secretByte = [Convert]::FromBase64String($pfxSecret)
    $x509Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2Collection
    $x509Cert.Import($secretByte, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
    $pfxFileByte = $x509Cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12)
    # Write to a file
    [IO.File]::WriteAllBytes("KeyVaultcertificate.pfx", $pfxFileByte)

1 Comment

Remember that Stack Overflow isn't just intended to solve the immediate problem, but also to help future readers find solutions to similar problems, which requires understanding the underlying code. This is especially important for members of our community who are beginners, and not familiar with the syntax. Given that, can you edit your answer to include an explanation of what you're doing and why you believe it is the best approach?
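
The two answers each handle one secret layout: the first decodes a Base64 JSON wrapper with `data` and `password` fields, the second a Base64 PKCS#12 blob with no password. The following is an added example, not code from either answer, that detects which layout it was given, imports it, and exports the result with a password instead of as an unprotected PFX. `Resolve-PfxSecret` and `Import-PfxSecret` are hypothetical helper names, and the certificate and password are constructed sample values.

```powershell
# Added example, not code from the answers; helper names are hypothetical.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Resolve-PfxSecret {
    # Returns PFX bytes and password for either secret layout seen in the answers.
    param([Parameter(Mandatory)][string]$SecretText)
    $raw = [Convert]::FromBase64String($SecretText)
    if ($raw[0] -eq 0x30) {
        # DER SEQUENCE tag: the secret is the PKCS#12 blob itself, no password.
        return @{ Bytes = $raw; Password = $null }
    }
    # Otherwise expect the JSON wrapper with 'data' and 'password' fields.
    $json = [Text.Encoding]::UTF8.GetString($raw) | ConvertFrom-Json
    return @{ Bytes = [Convert]::FromBase64String($json.data); Password = $json.password }
}

function Import-PfxSecret {
    param([Parameter(Mandatory)][string]$SecretText)
    $pfx   = Resolve-PfxSecret -SecretText $SecretText
    $certs = [X509Certificate2Collection]::new()
    $certs.Import($pfx.Bytes, $pfx.Password, [X509KeyStorageFlags]::Exportable)
    , $certs   # leading comma stops PowerShell from unrolling the collection
}

# Constructed sample input: a throwaway self-signed certificate stands in for
# the value Key Vault would return, so this runs without a vault.
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=constructed-sample', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(1))

$pw         = 'constructed-pw'   # constructed sample password
$rawSecret  = [Convert]::ToBase64String($cert.Export([X509ContentType]::Pkcs12))
$wrapper    = @{ data = [Convert]::ToBase64String($cert.Export([X509ContentType]::Pkcs12, $pw))
                 password = $pw } | ConvertTo-Json
$jsonSecret = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($wrapper))

foreach ($secret in $rawSecret, $jsonSecret) {
    $certs = Import-PfxSecret -SecretText $secret
    '{0}  HasPrivateKey={1}' -f $certs[0].Subject, $certs[0].HasPrivateKey
}

# If the key has to leave memory, export it password-protected instead of
# calling Export(Pkcs12) with no password.
$protected = $certs.Export([X509ContentType]::Pkcs12, $pw)
'Protected PFX: {0} bytes' -f $protected.Length
```

Against a real vault, pass the output of `Get-AzKeyVaultSecret -VaultName $vaultName -Name $certificateName -AsPlainText` as `-SecretText` in place of the constructed samples.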
