How can I retrieve the PFX Password of a generated Azure Key Vault certificate?

Question

Azure Key Vault allows you to generate certificates right in the GUI. After, you can download these certificates as a pfx file.

Are these pfx files password protected? I am trying to use this certificate somewhere and it won't let me proceed without a password.

Tiamo Idzenga · Accepted Answer · 2021-02-23T10:36:47.540

Using the following PowerShell script for AzureRM I can export a pfx from the Key Vault with a password:

# Replace these variables with your own values
$vaultName = "<KEY_VAULT>"
$certificateName = "<CERTIFICATE_NAME>"
$pfxPath = [Environment]::GetFolderPath("Desktop") + "\$certificateName.pfx"
$password = "<PASSWORD>"

$pfxSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certificateName
$pfxUnprotectedBytes = [Convert]::FromBase64String($pfxSecret.SecretValueText)
$pfx = New-Object Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($pfxUnprotectedBytes, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
$pfxProtectedBytes = $pfx.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password)
[IO.File]::WriteAllBytes($pfxPath, $pfxProtectedBytes)

Credit goes to Brendon Coombes in his blog post.

FYI a downloaded PFX does not have a password. This means that it typically can't be used when re-uploading back to Azure in a different service. — Matt Small, Feb 24 '21 at 16:57

score 0 · Answer 2 · answered Aug 16 '23 at 13:11

0

The downloaded pfx has a blank password. Leave it empty to install localy and then export with your own password.

answered Aug 16 '23 at 13:11

pposada

108
5

How can I retrieve the PFX Password of a generated Azure Key Vault certificate?

2 Answers2