Friday, 16 December 2016

Converting Azure Key Vault Secret to PFX certificate

Suppose you have pushed the PFX certificate into key vault in azure portal.

You can follow below link to add certificate to key vault.

Deploy Certificates to VMs from customer-managed Key Vault


Go to the http://portal.azure.com

Now open the resource group in which you have created key vault then move to your key vault and go to secrets., copy the secret value.

























The Secret value is Base64 string. So you need decode this then you will get the JSON data for your pfx certificate.

You can decode using C# also. But for quick testing here I am converting from Encode-Decode online Tool.

Convert this string value into JSON in powershell.












$certData=ConvertFrom-Json @"
{
"data": "MKYY+ +vK9MSdG0NxiD+Fn4IOteedkRDmtM2Ct1ukuUImBau4eTdseqQtbKAhRoiH43nVhf2
B5csc/hSvmimQ6kEMT31GGXBsyujYXythB9BjT6kP38PI00I15XH/3mRTyjW06CSAZ/aXNvcuJt0yBcGmljsf0WaraK64oj+Jl7IsA1FN0yr4Z+nWeA7pku+AYPtQbtY/LZ34wkv5i6b1n5LQhkNZagjuKcN7OawmKAEimLw+Fo6/9mHS6spqlAAiKeQSrIkS6v43Z6Euf29C+cDAkJB56789QYwLtQAgC7JE3MSjZv3JLwC3mM4mSd61AFzaXwiOIhacmmAhXieOzyLMxwGJSDYUMB8wBwYFKw4DAhoEFNtDek9T15Dn3IvoYzcJC14CAJBjBBRh6tJGSSjHDpCNQ1ekvz6vjJpOwAICB9A=",
"dataType" :"pfx",
"password": "Mypwd@12345"
}
"@;

$pfxBytes = [System.Convert]::FromBase64String($certData.data)
[io.file]::WriteAllBytes("C:\Users\Kappu\Desktop\Certificates\MySSLCert.pfx", $pfxBytes)
# Convert password to secure string.
$password = ConvertTo-SecureString -String $ certData.password -Force –AsPlainText


You will get the PFX certificate at your local machine that you have pushed into the keyvault.

The above process can be easily implemented in C# by following above process.☺


3 comments:
Labels: , ,
Subscribe to: Posts (Atom)