I am not sure if this is a duplicate of Sign a CSR with Azure Key Vault, but I am surprised not to see any solution to this request.
AWS Certificate Manager can act as private CA, I would expect something similar in Azure, but I can't find anything.
Assuming I have a csr, how can I get it signed by own CA? I see two approaches:
- I store the CA certificate in Keyvault and then download the private key to sign. This is bad, because the private key leaves the vault.
- I store the private in the Keyvault and then use the sign() method to sign the csr digest.
I am suprised to see that there is no simple method to sign the csr and get the signed certificate. The approach 2. would require manual steps to build the certificated from the signed digest. Is there any alternative or ready library to sign csr?
Thanks for any hint,
