Cloud Services Extended Support - .cer certificate support

Tom 6 Reputation points
2022-07-15T08:06:23.44+00:00

I'm working to migrate a Cloud Service (Classic) service to Extended Support that has several .cer certificates (without a private key) registered in the .csdef file. We usually create the Cloud Service (Classic) instance and then add the certificates to the instance using PowerShell.

In CS ES, certificates need to be managed in Key Vault. However, Key Vault does not support importing .cer certificates (without a private key).

When testing the migration process from the Azure portal, these certificates are transferred to Key Vault as secrets. Decoding the secret value, they appear to be JSON which contains a 'data' field and 'password' field. Creating a file from the 'data' field value and giving it a .pfx extension, I can import the certificate locally and I'm prompted for a password. The certificate shows up without a private key in my user certificate store.

What is the right way to set up .cer certificates for use with the CS ES service? This is outside of migration, since we need to stand up new environments using automation going forward.

What is the process that the migration has used to transfer these certificates?

Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.

1 answer

  1. vipullag-MSFT 26,306 Reputation points
    2022-07-18T12:18:50.183+00:00

    @Tom

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    CER files need to be uploaded as "secret" strings in Key Vault. They must be in a format similar to how migration does it, i.e. base64 encoding of the recommended JSON structure.

    Hope this helps.
    If you need further help on this, tag me in a comment.
    If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
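
Added example (not part of the answer above, and not Microsoft's tooling): a Python inspector for a secret value of the shape described in the question. It reports the envelope's field names and whether 'data' holds a PKCS#12 container or a bare DER certificate, without printing the password. It assumes the secret is base64 of a JSON object and that 'data' is itself base64; only the 'data' and 'password' field names come from this page, and the sample blobs are constructed DER headers, not real certificates.

```python
import base64
import json


def der_body_offset(blob: bytes) -> int:
    """Return the offset of the first byte inside the outer ASN.1 SEQUENCE."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if blob[1] < 0x80:               # short-form length
        return 2
    return 2 + (blob[1] & 0x7F)      # long-form: N length bytes follow


def sniff_container(blob: bytes) -> str:
    """Classify DER bytes as PKCS#12 (PFX) or a bare X.509 certificate."""
    try:
        inner = blob[der_body_offset(blob):]
    except ValueError:
        return "unknown"
    if inner[:3] == b"\x02\x01\x03":  # PFX begins with INTEGER version 3
        return "pkcs12"
    if inner[:1] == b"\x30":          # Certificate begins with tbsCertificate SEQUENCE
        return "x509-der"
    return "unknown"


def inspect_secret(secret_value: str) -> dict:
    """Summarise a secret without echoing the password or certificate bytes."""
    envelope = json.loads(base64.b64decode(secret_value))
    data = base64.b64decode(envelope["data"])  # assumption: 'data' is base64
    return {
        "fields": sorted(envelope),
        "container": sniff_container(data),
        "data_bytes": len(data),
        "password_set": bool(envelope.get("password")),
    }


def wrap(blob: bytes, password: str) -> str:
    """Build a constructed envelope (assumed shape) to exercise the inspector."""
    env = {"data": base64.b64encode(blob).decode(), "password": password}
    return base64.b64encode(json.dumps(env).encode()).decode()


# Constructed DER prefixes (not real certificates): just enough header to classify.
FAKE_PFX = bytes.fromhex("3082000a020103") + b"\x00" * 7
FAKE_CER = bytes.fromhex("3082000a3082") + b"\x00" * 8

if __name__ == "__main__":
    print(inspect_secret(wrap(FAKE_PFX, "example-only")))
```

Running it against a value read from a test vault before and after an automated deployment shows whether the automation produces the same envelope shape the migration did.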

