PowerShell import self-signed cert from keyvault


I am trying to download a self-signed cert from Key Vault and import it into my key store, but I am failing.

$pfxSecret = Get-AzKeyVaultSecret -VaultName $keyVaultName -Name $certificateName -AsPlainText

# Write to a file
Set-Content -Path $certificateFilePath -Value $pfxSecret

Import-Certificate -FilePath $certificateFilePath -CertStoreLocation 'Cert:\CurrentUser\My'

$pfxSecret looks like this:

-----BEGIN PRIVATE KEY-----
whatever
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
whatever
-----END CERTIFICATE-----

But I am getting this error:

Import-Certificate : Cannot find the requested object. (Exception from HRESULT: 0x80092009)
At line:5 char:1
+ Import-Certificate -FilePath $certificateFilePath -CertStoreLocation  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Import-Certificate], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.CertificateServices.Commands.ImportCertificateCommand
Rukmini On

To download a self-signed certificate from Key Vault and import it into the key store, check the below:

I have a few certificates in Key Vault.


Note: to import PFX certificates, you need to use the Import-PfxCertificate command.

To import it to the key store, I used the below commands:

Connect-AzAccount

$pfxSecret = Get-AzKeyVaultSecret -VaultName kvruk33 -Name rukcert33 -AsPlainText

$certificateFilePath = "C:\Users\rukmini\Desktop\rukcert33.pfx"
Set-Content -Path $certificateFilePath -Value $pfxSecret

Import-PfxCertificate -FilePath $certificateFilePath -CertStoreLocation 'Cert:\CurrentUser\My'


The certificate was stored in the key store successfully.


If the issue still persists, check if you are able to access the certificate store:

Get-ChildItem -Path Cert:\CurrentUser\My


  • Validate that $certificateFilePath exists by running Test-Path $certificateFilePath


  • Check if the certificate file is a valid PFX file.
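
An added example, not part of the original question or answer: the secret shown in the question is PEM text, while the answer's steps expect a PFX, so this function branches on the secret's content type and imports the certificate in memory without writing the private key to disk. It assumes PowerShell 7 or later, the Az.KeyVault module and an existing Connect-AzAccount session; the function name Import-KeyVaultCertificate and the placeholder vault and certificate names are hypothetical.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example (not from the thread). Import-KeyVaultCertificate is a hypothetical name.
function Import-KeyVaultCertificate {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Name
    )

    # Fetch the secret object (without -AsPlainText) so ContentType is available.
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name -ErrorAction Stop
    if (-not $secret) { throw "Secret '$Name' not found in vault '$VaultName'." }
    $plain = [System.Net.NetworkCredential]::new('', $secret.SecretValue).Password

    switch ($secret.ContentType) {
        'application/x-pkcs12' {
            # Key Vault returns the PFX base64-encoded, with an empty password.
            $pfxBytes = [Convert]::FromBase64String($plain)
        }
        'application/x-pem-file' {
            # One PEM text holding both the PRIVATE KEY and CERTIFICATE blocks,
            # so the same string is passed as certificate and key input.
            $pemCert = [X509Certificate2]::CreateFromPem($plain, $plain)
            # A PEM-loaded key is ephemeral; round-trip through PFX bytes so the
            # key can be persisted when the certificate is added to the store.
            $pfxBytes = $pemCert.Export([X509ContentType]::Pfx)
            $pemCert.Dispose()
        }
        default { throw "Unexpected secret content type: '$($secret.ContentType)'" }
    }

    $flags = [X509KeyStorageFlags]'UserKeySet, PersistKeySet'
    $cert  = [X509Certificate2]::new([byte[]]$pfxBytes, '', $flags)

    # Equivalent of Cert:\CurrentUser\My
    $store = [X509Store]::new([StoreName]::My, [StoreLocation]::CurrentUser)
    $store.Open([OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }

    $cert.Thumbprint   # return the thumbprint so the caller can verify the import
}

# Placeholder names; replace with your own vault and certificate:
# Import-KeyVaultCertificate -VaultName '<vault-name>' -Name '<certificate-name>'
```

The returned thumbprint can be checked against the output of Get-ChildItem -Path Cert:\CurrentUser\My.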