Azure Notification Hub unable to upload .p12 for APN

I am not able to upload a .p12 for APN, and this is the error message I received. Any idea what causes this error?
SubCode=40000. Failed to validate credentials with APNS. Error is The credentials supplied to the package were not recognized..TrackingId:b18f483e-6285-9d5b-895c-12e2fcc26dcf_M1_G12,TimeStamp:4/21/2014 3:16:19 AM

I was having the same issue while uploading the certificate on the backend and finally found the solution after a lot of struggling. Do the following:
Select keys from your keychain
Locate desired push private key
Click the small arrow to expand the key & profile
Now select the certificate only (this is a crucial step), not both the key & certificate. ONLY SELECT THE CERTIFICATE and click export
Set password for your exported certificate and upload
Have a look at this picture for reference:

This is an old question but I thought I would post something that worked for me as well. Seeing as the .p12 file was created by another part of our company I was not able to get the .p12 file re-exported in the correct manner.
Instead I imported the .p12 to my local certificate store (Windows) and then re-exported it as a pfx.
Take a note of where the certificate is stored.
Then use the MMC tool to view and export your certificate, making sure to export the private key as part of the pfx.
(You should probably delete the certificate from your local machine after the export is complete.)
After that you should be able to import your new pfx file into Azure via the portal.

Related

Imported TLS-certificate does not show up in App Service

I have a strange problem when importing a certificate from Azure Key vault to be used in an App Service. As you can see in the images below, it says the certificate is imported successfully but it does not show up as expected.
This has previously worked just fine for other app services, and my custom domain matches the wildcard certificate that I am trying to use.
Any ideas what causes this strange behavior?
If you choose to upload or import a private certificate to App Service, your certificate must meet the following requirements:
Exported as a password-protected PFX file, encrypted using triple DES.
Contains private key at least 2048 bits long
Contains all intermediate certificates in the certificate chain
Some certificate authorities provide certificates in different formats, therefore before importing the certificate, make sure that they are either in .pem or .pfx format.
When you are importing the certificate, you need to ensure that the
key is included in the file itself. If you have the private key
separately in a different format, you would need to combine the key
with the certificate.
You can also refer to https://www.huuhka.net/app-service-imported-ssl-certificate-from-another-subscription-kv/ if you have any failure messages while importing the Key Vault certificate.
If you are using a free managed certificate, you may check that its prerequisites are fulfilled, as free certificates come with a few limitations, which can be referred from https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?WT.mc_id=AZ-MVP-5003781#private-certificate-requirements
So, I made a workaround solution by setting a Managed Identity on my App Service and giving it the correct permissions to the key vault, and then adding the application and correct permissions in Access policies for the key vault.
After that the certificate showed up as expected when adding a binding on my App Service.
Seems you got the right solutions and might have encountered this issue due to your logged in user RBAC role.
Whenever you use an App Service certificate, it gets stored inside Azure Key Vault, and to use that Key Vault certificate/secret you need to have access policies to get the secret and set the secret.
More details at:
https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy-portal#:~:text=Assign%20an%20access%20policy%201%20In%20the%20Azure,the%20Principal%20selection%20pane.%20...%20More%20items...%20

How to get the name when uploading pfx certificate to Azure Application Gateway?

I have asked a customer to export the .pfx file for use in the Application Gateway. However, when they export it, it only provides a password, but Azure asks for a name and password when uploading the .pfx file, as in the attached screenshot. How do you get the name?
This is just the name that you can use to identify the certificate for future reference. Give it any meaningful name that you like.

Use certificate from certificate store private key, in Azure websites

To use the Azure storage client encryption with a certificate, or other encryption/decryption using a certificate, one needs access to the private key of the certificate.
We use Azure websites/web app (NOT webroles) and want to be able to upload a certificate to the certificate store on Azure and access the private key of the certificate.
I'm able to get the certificate from the certificate store, but when I try to access the private key I get "key is not exportable".
It is possible to upload the file with the code and load the certificate from file, but it would be more convenient and safe to use the certificate store.
Is there a way to do this?
I have followed this guide: https://azure.microsoft.com/nb-no/blog/using-certificates-in-azure-websites-applications/ but that only gives me access to the certificate, not the private key.
Make sure that the PFX file that you are uploading to the Azure web app's certificate list in the portal contains the private key in the first place. You can try to import the pfx in your local machine and export it while checking the option "export the private key". If the export the private key option is grayed while doing the export then it means the pfx is missing the private key.
Your application should be able to access the private key of the certificate if the pfx had it.
#RuneSynnevåg, I think you just need to follow the tutorial Enable HTTPS for an app in Azure App Service to do the steps described in the section "Get a certificate using Certreq.exe (Windows only)" and upload the pfx certificate file for your webapp by following the step 3.

TFSBuild for Windows Store App Fails with error APPX0105: Cannot import the key file

I am using tfsbuild 2010 with these arguments "/p:VisualStudioVersion=12.0;ToolPath="C:\Program Files (x86)\MSBuild\12.0\Bin"" to build a Windows Store app. There are no issues in signing packages when using a test certificate with no password.
But it fails with the below error for a certificate from a third party with a password.
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\AppxPackage\Microsoft.AppXPackage.Targets(1781,9): error APPX0105: Cannot import the key file 'XXXX.pfx'. The key file may be password protected. To correct this, try to import the certificate manually into the current user’s personal certificate store.
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\AppxPackage\Microsoft.AppXPackage.Targets(1781,9): error APPX0102: A certificate with thumbprint '‎XXXXX' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
I have imported the certificate to personal certificates and also to trusted root certificate authorities, still no luck. Is there any way I can pass in the password? Or is there any better way to resolve this issue?
I had the same problem (not with TFS but with a dedicated build machine). In my case I tried to import the certificate with a different user than I was building with. Importing to the whole machine did not seem to work for some reason. I specifically signed in with the "building user" and imported the certificate from there.

Windows Azure Web Role Certificate Error

I need to create a Web Role in Azure with an https endpoint with a real SSL certificate (not self-signed). So I need my own domain, which I have, and have pointed it at my "me.cloudapp.net" URL via a CNAME in my hoster's DNS.
I have purchased a certificate for that domain also. I need to upload that into my Azure portal for the web role, but I can't - Azure gives me an error when I try.
The certificate came in the form of 2 zip files (I'm new to buying certs). One zip has 3 .crt files, and the other has 1 .cer file. Azure requires a .cer or .pfx, so I tried the .cer. It fails with the error "The certificate is not valid, or the password is incorrect."
There is a .crt file in the zip folder that has 3 files that has the same name as the .cer file. If I change the extension of this .crt file to .cer, it will upload, but when I try to publish my deployment, I get the error
"Certificate with thumbprint 3329398FB72BFCC7EF89C90B950D722C6047C2A1 associated with HTTPS input endpoint EndpointForThat does not contain private key. The long running operation tracking ID was: 010a29856c1948f39e71620446223b4e.".
You have to first complete the certificate request process on the machine from which you initiated the request. The process for doing this varies by technology stack. Here is a page from Comodo on how to install certificates on various platforms.
After you have completed the request on the machine that initiated it, then you can export the certificate. That new file is what you need to upload to Azure.
For HTTPS endpoint you need to upload a PFX file.
PFX file is combination of Private Key + Public key.
What you have now is
.cer - public key
.crt - private key
You need to combine the .crt file that matches the name of the .cer file into a single .pfx file.
Check this SO question and its answers to get it done.
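
The threads above keep returning to the same checks: does the .pfx open with the password, does it actually contain the private key ("does not contain private key", "key is not exportable"), and does it meet the App Service list (key of at least 2048 bits, intermediates included, triple DES). The script below is an added example, not code from any of the posts; it assumes the OpenSSL command line is installed, and the function name `pfx_preflight`, the `PFX_PASS` variable and the file name `preflight.sh` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): preflight a .pfx/.p12 before upload.
# The password is read from the exported PFX_PASS variable so it never shows up
# in the process list; decrypted key material only lives in a shell variable.

pfx_preflight() {
    pfx=$1
    # 1. Does the container open with this password at all?
    if ! openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -noout 2>/dev/null; then
        echo "FAIL: cannot open $pfx (wrong password or not PKCS#12)"
        return 2
    fi
    # 2. Is a private key bundled? A certificate-only file stops here.
    key=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null) || key=
    case $key in
        *"PRIVATE KEY"*) ;;
        *) echo "FAIL: $pfx contains no private key"; return 3 ;;
    esac
    # 3. Key size. This parses the RSA modulus length; an EC key reports its
    #    curve size here and would need a different threshold.
    bits=$(printf '%s\n' "$key" | openssl pkey -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    unset key
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: private key is ${bits:-unknown} bits, need at least 2048"
        return 4
    fi
    # 4. Count bundled certificates: 1 means leaf only, no intermediates.
    certs=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys 2>/dev/null |
            grep -c 'BEGIN CERTIFICATE' || true)
    # 5. Report how the key bag is encrypted (the requirement list asks for 3DES).
    enc=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -info -noout 2>&1 |
          sed -n 's/^Shrouded Keybag: *//p' | head -n 1)
    echo "OK: key=${bits} bits, certificates=${certs}, key encryption=${enc:-unknown}"
}

# Usage: PFX_PASS=... sh preflight.sh cert.pfx
if [ "$#" -ge 1 ]; then pfx_preflight "$1"; fi
```

Exit code 3 corresponds to the certificate-only file described in the Web Role and App Service threads; the key encryption field shows whether the file was exported with triple DES or with a newer default such as AES.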
