Error when Importing Certificate

Question

Error when Importing Certificate

Gonçalo Camacho 0

Hello,

Hope you guys are doing great,

I'm currently trying to update a certificate in our keyvaults, I have the certificate in PFX format and it's password protected. Although the keyvault it's stating that an error occurred while importing the certificate.
User's image

Do you have any ideas why this issue is occurring?

Waiting on your feedback.

Best Regards
Gonçalo

Sanoop M 2,435 Reputation points Microsoft External Staff

2025-03-28T23:01:48.02+00:00

Hello @Gonçalo Camacho,

I understand that when you are trying to import a certificate into Azure Key vault, it is throwing an error "An error occurred while importing the certificate '<certificate name>'.

Please verify the below details whether it is correctly configured or not.

1.Invalid PFX Format:

Azure Key Vault requires the PFX file to be in a valid PKCS#12 format. You can verify the format using the following OpenSSL command:

openssl pkcs12 -in yourfile.pfx -info

If the format is incorrect, you can recreate the PFX file using:

openssl pkcs12 -export -out yourfile.pfx -inkey yourkey.key -in yourcert.crt

2.Password Issue:

Please make sure that the password used to protect the PFX file is correct and matches the one provided during the import process.

3.Key Type Compatibility:

If the certificate uses an ECDSA key, it might not be compatible. Azure Key Vault often requires RSA keys. You may need to regenerate the certificate with an RSA key.

4.Resource Group and Permissions:

Please make sure that the Key Vault and the certificate are in the same resource group and that you have the necessary permissions to import certificates.

5.Command Syntax:

Please note that if you're using the Azure CLI to import the certificate into Azure Key vault, please make sure the command is correctly formatted as mentioned below.

az keyvault certificate import --vault-name <YourKeyVaultName> -n <CertificateName> -f <PathToPFXFile> --password <PFXPassword>

Import a certificate to your key vault

To import a certificate to the vault, you need to have a PEM or PFX certificate file to be on disk. If the certificate is in PEM format, the PEM file must contain the key as well as x509 certificates. This operation requires the certificates/import permission.

Reference Articles:

Tutorial - Import a certificate in Key Vault using Azure portal | Microsoft Learn

About Azure Key Vault certificates | Microsoft Learn

Certificate creation methods | Microsoft Learn
Sanoop M 2,435 Reputation points Microsoft External Staff

2025-03-31T06:57:30.5666667+00:00

Hello @Gonçalo Camacho,

I am following up to check whether if you have checked my above comment and please let me know if you have any queries. I will be happy to answer your queries.
Sanoop M 2,435 Reputation points Microsoft External Staff

2025-04-01T06:30:33.5433333+00:00

Hello @Gonçalo Camacho,

Please let us know if you are still facing any issues, if so please send us an email on '[email protected]' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.

We can connect offline and discuss further on this issue.

1 answer

Your answer

Sanoop M 2,435 Reputation points Microsoft External Staff

2025-03-31T06:57:30.5666667+00:00

Hello @Gonçalo Camacho,

I am following up to check whether if you have checked my above comment and please let me know if you have any queries. I will be happy to answer your queries.
Sanoop M 2,435 Reputation points Microsoft External Staff

2025-04-01T06:30:33.5433333+00:00

Hello @Gonçalo Camacho,

Please let us know if you are still facing any issues, if so please send us an email on '[email protected]' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.

We can connect offline and discuss further on this issue.

Answer 1

Hello @Gonçalo Camacho,

The error "An error occurred while importing the certificate xxx" occurs due to various reasons like invalid certificate format, invalid password or if the certificate is not in PKCS#12 format.

To resolve the error, make sure the .pfx file is in the correct format and is accepted by Azure Key Vault.

Note : Azure Key Vault expects the .pfx file to be a valid PKCS#12 format. Hence make sure the certificate is in PKCS#12 format.

Verify the .pfx file content: openssl pkcs12 -in file.pfx -info
Also make sure you are passing the password correctly while importing the certificate.

I tried to import a .pfx to Azure Key vault and its successful:

enter image description here

Sample generation of CER and PFX certificate using PowerShell:


$certname = "cert"

 $cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256  

Export-Certificate -Cert $cert -FilePath "C:/Users/xxx/Downloads/$certname.cer" ## Specify your preferred location  

$mypwd = ConvertTo-SecureString -String "password" -Force -AsPlainText  

Export-PfxCertificate -Cert $cert -FilePath "C:/Users/xxx/Downloads/$certname.pfx" -Password $mypwd

Then export the certificate in "Manager user certificates" in the system.

Also, can you provide more details like how you generate or create the .pfx certificate?

If you are still facing issue, I have reached out to you over private message so that I can guide you better for the particular step where you are failing. We can connect offline to resolve the issue.

Givary-MSFT 35,506 Reputation points Microsoft Employee

2025-04-02T03:44:16.37+00:00

@Gonçalo Camacho As discussed offline, you have resolved the issue on your own. Let us know if you have any further questions or need any assistance with this query.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Share via

Error when Importing Certificate

1 answer

Your answer