Cannot Import Certificate into Azure Key Vault

Carolyn Schroeder 186 Reputation points
2024-07-04T08:09:26.8666667+00:00

I am trying to import a certificate into Azure Key Vault but getting the error "The parameter keyVaultCsmId has an invalid value."

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,313 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jing Zhou 7,185 Reputation points Microsoft Vendor
    2024-07-04T08:24:16.26+00:00

    Hello,

     

    Thank you for posting in Q&A forum.

    Check if your Key Vault is set to use "Azure role-based access control" under "Access configuration". It needs to be set to "Vault access policy" instead.

    User's image

    Currently, App Service Certificate supports only Key Vault access policies, not the RBAC model. Source: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal#store-certificate-in-azure-key-vault

     

    Best regards,

    Jill Zhou

     


     

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.

  2. akinbade abiola 18,305 Reputation points
    2024-07-04T08:24:03.57+00:00

    Hello Carolyn Schroeder,

    Thanks for your question.

    It is possible your certificate in AKV was imported as pem and not as pcks12. Re-import the cert from a pfx file with the --password parameter.

    az keyvault certificate import --password $password                                
    
    

    See: https://learn.microsoft.com/en-us/cli/azure/keyvault/certificate?view=azure-cli-latest#az-keyvault-certificate-import

    Also see similar issue here from stackoverflow for an alternative solution: https://stackoverflow.com/questions/65781652/error-the-parameter-keyvaultcsmid-has-an-invalid-value-while-adding-app-servic

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.