Instructions for storing the Root cert in Azure KeyVault #24346
Comments
@tomasaschan |
@angoyal-msft - Can you reassign this issue to @rachel-msft, she owns this article now. |
@mimig1 Thanks for pointing out. I have assigned this issue to @rachel-msft |
Hi @tomasaschan. I haven't gotten a chance to test this out, but according to this Key Vault doc https://docs.microsoft.com/en-us/azure/key-vault/certificate-scenarios PEM files are allowed. And you could possibly use a different decoder to get a pfx file. #please-close |
I don't think that's applicable here; note that this certificate is not something I have any power over, and I can't affect it much. And the docs page you linked to also specifies
The |
#please-reopen @rachel-msft @MicahMcKittrick-MSFT |
@rachel-msft - Can you provide an update? |
I apologize for not being able to answer this request earlier. First of all, I have corrected the article to reflect that the certificate can be stored in any file location you choose. That file location can be referenced in the SSL certificate parameter of whichever language/client you are using. In the docs I have shown an example of doing this with psql. As you pointed out, Azure Key Vault's certificate store is intended for importing certificates for which you are also the holder of the private key. The Key Vault object type that works for this scenario is a Secret. You can set/download a file as a secret. I show an example of how to do this below. I am using a Linux VM, Azure CLI for Key Vault, and psql as my Postgres client.
Please let me know if you have any questions. #please-close |
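The Secret-based approach described in the comment above, sketched as an added example; it is not code from this thread or from the docs article. The vault name, secret name, host and the PEM sanity check before installation are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Vault/secret names and paths are placeholders, not values from the thread.

# One-time step: store the PEM root certificate as a Key Vault *secret*
# (the certificate store expects a private key, which we do not hold).
upload_root_cert() {
    # $1 = vault name, $2 = secret name, $3 = path to the PEM file
    az keyvault secret set --vault-name "$1" --name "$2" \
        --file "$3" --encoding utf-8 --output none
}

# Succeed only if the file holds PEM certificate markers and no private key.
looks_like_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1" &&
    ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# Deployment step: download the secret and install it where libpq looks for it.
install_root_cert() {
    # $1 = vault name, $2 = secret name, $3 = destination (optional)
    dest=${3:-"$HOME/.postgresql/root.crt"}
    dest_dir=$(dirname "$dest")
    mkdir -p "$dest_dir" || return 1
    # Download into a fresh private directory so the target file does not exist yet
    # and a half-written file never appears at the final path.
    tmpdir=$(mktemp -d "$dest_dir/.rootcrt.XXXXXX") || return 1
    if az keyvault secret download --vault-name "$1" --name "$2" \
            --file "$tmpdir/root.crt" &&
       looks_like_pem_cert "$tmpdir/root.crt"; then
        chmod 644 "$tmpdir/root.crt" && mv -f "$tmpdir/root.crt" "$dest"
        rc=$?
    else
        echo "refusing to install root certificate from $1/$2" >&2
        rc=1
    fi
    rm -rf "$tmpdir"
    return "$rc"
}

# Typical use in a provisioning script (placeholder names):
#   install_root_cert my-vault pg-root-cert
#   psql "host=<server> dbname=<db> user=<user> sslmode=verify-full sslrootcert=$HOME/.postgresql/root.crt"
```

The identity running the deployment step needs only read ("get") permission on that one secret; `sslmode=verify-full` is what makes the client actually validate the server against the installed root.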
It seems that we must put the `root.crt` in the correct place on our app servers (~/.postgresql/root.crt on linux, %APPDATA%\postgresql\root.crt on windows, according to this article), and we'd like to automate this as part of the deployment or provisioning pipeline. In order to do so, we want to store the certificate in KeyVault, but I'm unable to figure out how to import the cert there as the KeyVault requires a .pfx-format certificate for import, and we only get a .der/.pem-formatted cert using the instructions in this article. Could you please add some instructions on how to use KeyVault to store this certificate, and how one might automate installing it on Azure Web Apps?