(6 votes, average: 4.17 out of 5)
Note: Due to new CA/B, All code signing certificates now stored on FIPS 140-2 or Common Criteria EAL 4+ compliant Hardware Security Module (HSM) or Yubikey USB tokens. So, code signing certificates will no longer be exportable or no direct link issuing process.
Let’s learn how you can generate and import PKCS#12 or PEM files into Microsoft Azure Key Vault. In addition, this method is proper for Standard Code Signing Certificate (Organization Validated & Individual Validated both).
Sign in within the Azure portal and select the options key vault where you’re looking to install your security certificate.
From the Setting menu on the left side, select Certificates
Go to the option Generate/Import at the top and click on the link to start the process of importing.
From the Method of Certificate, Creation menu, select the option Import
Note: RSA-HSM key type is required by DigiCert CA as of June 2023 as per new storage key requirement. So, Azure will store the certificate on FIPS 140-2 level 2 certified HSM.(Check Below Image)
In the Certificate Name field, enter a unique name you would like to keep for the certificate. Make sure the name contains only alphanumeric characters and dashes.
Under the Upload Certificate File option, select and click the Folder icon and browse through your PCKS#12 certificate file you wish to install.
Note: Microsoft Azure asks for extension .pfx for PKCS#12 file upload. So, if you’ve got a .p12 file, you’ll need to change it to a .pfx file.
Enter the password for your PCKS#12 file. Similarly, ensure that the password you enter is the same one you used when generating or retrieving the certificate.
Lastly, click on the Create button.
Once you click the Create button, the certificate file and private key will get imported into the Key Vault. Similarly, it’ll be available for use.
Protect your code from unauthorized tampering and compromise with the highest level of validation with DigiCert EV Code Signing Certificate.