1

We have an application running on a VM in our Service Fabric service in Azure.

To communicate with one of our partner's REST APIs, we need to use a client certificate. (_restClient.ClientCertificate = ...)

So my first attempt was to add the certificate (pfx, including a private key) to our Azure Key Vault. And then the application receives it from the Key Vault. However, I don't seem to be getting the private part of the certificate, which is needed to sign the package. This question, "Is it possible to get the private key out of Azure Key Vault Keys?", also seems to try the same thing without success.

I also found this article: Use an SSL certificate in your application code in Azure App Service. However, that only seems to handle the case when you run a Web App from an App Service. But since I don't use that, I don't understand if this can be applied in my case.

So how do I get ahold of the ClientCertificate from Azure that I need to use in my RestRequest?

Super Jade
Markus

1 Answer

1

You are on the right track. Once you have certificates in your key vault, all you need is a key vault client to get the certificate from there, which you can assign to your REST client.

This link has enough info to help you get the complete certificate from your vault.

Gurpreet
  • This I have already done, the problem is that I don't get the private key (only the public part) from the key vault. – Markus Mar 06 '19 at 08:21
  • @Markus exactly what you are describing is tackled in that article. Please go through that again in detail, just to make sure you are doing "keyVault.GetSecretAsync" and not "keyVault.GetCertificateAsync". It explains that when you use GetCertificateAsync it does not give you the private key, but if you use GetSecretAsync then it does. – Gurpreet Mar 06 '19 at 12:07
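
The GetSecretAsync route discussed in the comments above, as an added example that is not code from the linked article or from either poster. It assumes the Microsoft.Azure.KeyVault client package; `ClientCertificateLoader`, `vaultBaseUrl` and `certificateName` are hypothetical names, and the key storage flag is an assumption for a service account without a loaded user profile.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;         // assumption: Microsoft.Azure.KeyVault NuGet package
using Microsoft.Azure.KeyVault.Models;

public static class ClientCertificateLoader   // hypothetical helper, not a Key Vault type
{
    // A Key Vault certificate is backed by a secret with the same name.
    // The certificate object carries only the public part; the secret
    // carries the PFX (with the private key, if the policy allows export).
    public static async Task<X509Certificate2> LoadAsync(
        IKeyVaultClient keyVault, string vaultBaseUrl, string certificateName)
    {
        SecretBundle secret = await keyVault.GetSecretAsync(vaultBaseUrl, certificateName);
        return FromSecret(secret);
    }

    public static X509Certificate2 FromSecret(SecretBundle secret)
    {
        // PFX-backed certificates are returned as base64 with this content type.
        // PEM-backed ones ("application/x-pem-file") need different parsing.
        if (!string.Equals(secret.ContentType, "application/x-pkcs12",
                           StringComparison.OrdinalIgnoreCase))
            throw new NotSupportedException(
                "Unexpected secret content type: " + secret.ContentType);

        byte[] pfx = Convert.FromBase64String(secret.Value);

        // The exported PFX has no password. MachineKeySet (assumption) avoids
        // depending on a user profile that a service account may not have.
        var cert = new X509Certificate2(pfx, (string)null,
                                        X509KeyStorageFlags.MachineKeySet);

        // Fail early: if the certificate policy marks the key as non-exportable,
        // the secret holds only the public part and client auth fails later.
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                "Secret contains no private key; check that the certificate " +
                "policy allows key export and that the caller has secret 'get' permission.");
        }
        return cert;
    }
}
```

The identity running the service needs "get" permission on secrets, not just on certificates, for this call to succeed. Because that permission exposes the private key, scope it to the one service identity that needs it.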