Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Import-AzKeyVaultCertificate
- Module:
- Az.KeyVault Module
Imports a certificate to a key vault.
Syntax
ImportCertificateFromFile (Default)
Import-AzKeyVaultCertificate
[-VaultName] <String>
[-Name] <String>
-FilePath <String>
[-Password <SecureString>]
[-PolicyPath <String>]
[-PolicyObject <PSKeyVaultCertificatePolicy>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ImportWithPrivateKeyFromString
Import-AzKeyVaultCertificate
[-VaultName] <String>
[-Name] <String>
-CertificateString <String>
[-ContentType <String>]
[-Password <SecureString>]
[-PolicyPath <String>]
[-PolicyObject <PSKeyVaultCertificatePolicy>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ImportWithPrivateKeyFromCollection
Import-AzKeyVaultCertificate
[-VaultName] <String>
[-Name] <String>
[-CertificateCollection] <X509Certificate2Collection>
[-PolicyPath <String>]
[-PolicyObject <PSKeyVaultCertificatePolicy>]
[-Tag <Hashtable>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Import-AzKeyVaultCertificate cmdlet imports a certificate into a key vault. You can create the certificate to import by using one of the following methods:
- Use
Add-AzKeyVaultCertificateto create a certificate signing request and submit it to a certificate authority. See https://learn.microsoft.com/azure/key-vault/certificates/create-certificate-signing-request - Use an existing certificate package file, such as a .pfx or .p12 file, which contains both the certificate and private key.
Examples
Example 1: Import a key vault certificate
$Password = ConvertTo-SecureString -String "****" -AsPlainText -Force
Import-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "ImportCert01" -FilePath "C:\Users\contosoUser\Desktop\import.pfx" -Password $Password
Name : importCert01
Certificate : [Subject]
CN=contoso.com
[Issuer]
CN=contoso.com
[Serial Number]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Not Before]
2/8/2016 3:11:45 PM
[Not After]
8/8/2016 4:21:45 PM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags :
Enabled : True
Created : 2/8/2016 11:50:43 PM
Updated : 2/8/2016 11:50:43 PM
The first command uses the ConvertTo-SecureString cmdlet to create a secure password, and then stores it in the $Password variable. The second command imports the certificate named ImportCert01 into the ContosoKV01 key vault.
Example 2: Import a key vault certificate by CertificateString
$Password = ConvertTo-SecureString -String "****" -AsPlainText -Force
$Base64String = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes("import.pfx"))
Import-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "ImportCert01" -CertificateString $Base64String -Password $Password
Name : importCert01
Certificate : [Subject]
CN=contoso.com
[Issuer]
CN=contoso.com
[Serial Number]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Not Before]
2/8/2016 3:11:45 PM
[Not After]
8/8/2016 4:21:45 PM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags :
Enabled : True
Created : 2/8/2016 11:50:43 PM
Updated : 2/8/2016 11:50:43 PM
The first command uses the ConvertTo-SecureString cmdlet to create a secure password, and then stores it in the $Password variable. The second command reads a certificate as a Base64 encoded representation. The third command imports the certificate named ImportCert01 into the ContosoKV01 key vault.
Example 3: Import a key vault certificate with PolicyFile
$Password = ConvertTo-SecureString -String "****" -AsPlainText -Force
Import-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "ImportCert01" -FilePath "C:\Users\contosoUser\Desktop\import.pfx" -Password $Password -PolicyPath "C:\Users\contosoUser\Desktop\policy.json"
Name : importCert01
Certificate : [Subject]
CN=contoso.com
[Issuer]
CN=contoso.com
[Serial Number]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Not Before]
2/8/2016 3:11:45 PM
[Not After]
8/8/2016 4:21:45 PM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KeyId : https://ContosoKV01.vault.azure.net/keys/ImportCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
SecretId : https://ContosoKV01.vault.azure.net/secrets/ImportCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Policy :
Secret Content Type: application/x-pkcs12
Issuer Name : Unknown
Created On : 3/22/2023 6:00:52 AM
Updated On : 4/27/2023 9:52:53 AM
...
RecoveryLevel : Recoverable+Purgeable
Enabled : True
Expires : 6/9/2023 6:20:26 AM
NotBefore : 3/11/2023 6:20:26 AM
Created : 4/24/2023 9:05:51 AM
Updated : 4/24/2023 9:05:51 AM
Tags : {}
VaultName : ContosoKV01
Name : ImportCert01
Version : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Id : https://ContosoKV01.vault.azure.net/certificates/ImportCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The first command uses the ConvertTo-SecureString cmdlet to create a secure password, and then stores it in the $Password variable. The second command imports the certificate named ImportCert01 into the ContosoKV01 key vault with a policy defined by file.
Parameters
-CertificateCollection
Specifies the certificate collection to add to a key vault.
Parameter properties
| Type: | X509Certificate2Collection |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-CertificateString
Base64 encoded representation of the certificate object to import. This certificate needs to contain the private key.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-ContentType
Specifies the type of the certificate to be imported. Regards certificate string as PFX format by default.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
-FilePath
Specifies the path of the certificate file that this cmdlet imports.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Name
Specifies the certificate name. This cmdlet constructs the fully qualified domain name (FQDN) of a certificate from key vault name, currently selected environment, and certificate name.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | CertificateName |
Parameter sets
-Password
Specifies the password for a certificate file.
Parameter properties
| Type: | SecureString |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PolicyObject
An in-memory object to specify management policy for the certificate. Mutual-exclusive to PolicyPath.
Parameter properties
| Type: | PSKeyVaultCertificatePolicy |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PolicyPath
A file path to specify management policy for the certificate that contains JSON encoded policy definition. Mutual-exclusive to PolicyObject.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Tag
Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"}
Parameter properties
| Type: | Hashtable |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-VaultName
Specifies the key vault name into which this cmdlet imports certificates. This cmdlet constructs the fully qualified domain name (FQDN) of a key vault based on the name and currently selected environment.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
String
X509Certificate2Collection
Hashtable
Outputs
PSKeyVaultCertificate
Related Links
Azure PowerShell
Feedback
Was this page helpful?