Restore-AzureKeyVaultCertificate
Restores a certificate in a key vault from a backup file.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
Restore-AzureKeyVaultCertificate
[-VaultName] <String>
[-InputFile] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Restore-AzureKeyVaultCertificate
[-InputObject] <PSKeyVault>
[-InputFile] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Restore-AzureKeyVaultCertificate
[-ResourceId] <String>
[-InputFile] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Restore-AzureKeyVaultCertificate cmdlet creates a certificate in the specified key vault from a backup file. This certificate is a replica of the backed-up certificate in the input file and has the same name as the original certificate. If the key vault already contains a certificate by the same name, this cmdlet fails instead of overwriting the original certificate. If the backup contains multiple versions of a certificate, all versions are restored. The key vault that you restore the certificate into can be different from the key vault that you backed up the certificate from. However, the key vault must use the same subscription and be in an Azure region in the same geography (for example, North America). See the Microsoft Azure Trust Center (https://azure.microsoft.com/support/trust-center/) for the mapping of Azure regions to geographies.
Examples
Example 1: Restore a backed-up certificate
PS C:\> Restore-AzureKeyVaultCertificate -VaultName 'MyKeyVault' -InputFile "C:\Backup.blob"
Certificate : [Subject]
CN=contoso.com
[Issuer]
CN=contoso.com
[Serial Number]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Not Before]
5/25/2018 3:47:41 AM
[Not After]
11/25/2018 2:57:41 AM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KeyId : https://mykeyvault.vault.azure.net:443/keys/cert1/bd406f6d6b3a41a1a1c633494d8c3c3a
SecretId : https://mykeyvault.vault.azure.net:443/secrets/cert1/bd406f6d6b3a41a1a1c633494d8c3c3a
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RecoveryLevel : Purgeable
Enabled : True
Expires : 11/25/2018 10:57:41 AM
NotBefore : 5/25/2018 10:47:41 AM
Created : 5/25/2018 10:57:41 AM
Updated : 5/25/2018 10:57:41 AM
Tags :
VaultName : MyKeyVault
Name : cert1
Version : bd406f6d6b3a41a1a1c633494d8c3c3a
Id : https://mykeyvault.vault.azure.net:443/certificates/cert1/bd406f6d6b3a41a1a1c633494d8c3c3a
This command restores a certificate, including all of its versions, from the backup file named Backup.blob into the key vault named MyKeyVault.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputFile
Input file. The input file containing the backed-up blob
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
KeyVault object
Type: | PSKeyVault |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceId
KeyVault Resource Id
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-VaultName
Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Parameters: InputObject (ByValue)