tomasmcguinness / dotnet-passbook

A .Net Library for generating Apple Passbook (Wallet) files for iOS. Please get involved by creating pull requests and opening issues!
MIT License

Are we able to import the AppleWWDRCACertificate certificate from Azure Key Vault? #172

Closed JustinJWyatt closed 1 year ago

JustinJWyatt commented 1 year ago

I have a .NET Core App I'm using and I retrieve all of my certs from Azure Key Vault. I've successfully added my PassbookCertificate as a PFX to the Azure Key Vault but not the AppleWWDRCACertificate. Do I need to export a private key with it? What private key would I use to export the p12 from my Mac?

tomasmcguinness commented 1 year ago

Do you get an error when you try to import it? The WWDRCA cert has no private key, it's just the public key.

JustinJWyatt commented 1 year ago

The Azure Key Vault form doesn't allow me to upload a P12, only PFX. On my Mac, I'm not able to export a certificate in P12 format unless I export it with a key as well.

What public key do I need? I don't have any public key in my Key Chain.

tomasmcguinness commented 1 year ago

p12 and pfx are essentially the same, the latter being a Microsoft format. I usually move p12 to pfx via the Certificate tools on Windows.

However, as this is a public certificate with no private key, you don't need to store it in Azure Keyvault.

JustinJWyatt commented 1 year ago

I want to store this in Azure. My .NET API is cloud hosted so I'm not going to store any G4 certificate in the project.

I just downloaded the G4 certificate as a CER file. I did not export it to any other format. I tried to upload this CER file to Azure.

This is the error message when trying to upload the G4 CER to Azure Key Vault: "The file type of the certificate to be imported must be .pfx or .pem"

tomasmcguinness commented 1 year ago

I would expect KeyVault to only store certificates with private key components.

I'm not sure what else I could suggest. Store it as a base64 encoded secret?

JustinJWyatt commented 1 year ago

Storing it as base64 sounds like an idea. And are you certain I can instantiate an X509 obj with that base64?

tomasmcguinness commented 1 year ago

No, I'm not certain at all. But you should be able to decode the base64 string into a byte array and use that. Other than that, I'm afraid I cannot be of more help. Typically, this certificate is just put into the project and deployed onto the server.
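
The base64 approach discussed above, as an added example that is not part of the thread or of the dotnet-passbook code: it decodes a secret value into an `X509Certificate2`, then checks that the result is public-only, within its validity period, and matches a pinned fingerprint. Assumptions: the secret holds base64 of the .cer (DER) bytes or a PEM block; `PublicCertSecret`, `Load` and the fingerprint pin are hypothetical names; the certificate in `Main` is a constructed self-signed stand-in for the downloaded file; fetching the secret string from the vault is left to the caller.

```csharp
// Added example (.NET 5 or later). On .NET 9+ the byte[] constructor raises an obsoletion warning only.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PublicCertSecret
{
    // Accepts bare base64 of the DER (.cer) bytes, or a PEM block.
    public static X509Certificate2 Load(string secretValue, string expectedSha256Hex)
    {
        string b64 = secretValue
            .Replace("-----BEGIN CERTIFICATE-----", "")
            .Replace("-----END CERTIFICATE-----", "")
            .Replace("\r", "").Replace("\n", "").Trim();
        byte[] der = Convert.FromBase64String(b64); // FormatException if the secret is corrupted

        var cert = new X509Certificate2(der);
        // A CA certificate kept as a plain secret should never carry a private key.
        if (cert.HasPrivateKey)
            throw new CryptographicException("Unexpected private key in CA certificate secret.");
        DateTime now = DateTime.UtcNow;
        if (now < cert.NotBefore.ToUniversalTime() || now > cert.NotAfter.ToUniversalTime())
            throw new CryptographicException("Certificate is outside its validity period.");
        // Pin the SHA-256 fingerprint recorded at upload time so a swapped secret is rejected.
        string actual = Convert.ToHexString(SHA256.HashData(cert.RawData));
        if (!actual.Equals(expectedSha256Hex, StringComparison.OrdinalIgnoreCase))
            throw new CryptographicException("Certificate fingerprint mismatch.");
        return cert;
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate, exported without its key.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test CA", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 selfSigned = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        byte[] cerBytes = selfSigned.Export(X509ContentType.Cert); // public part only, like a .cer

        string secretValue = Convert.ToBase64String(cerBytes);       // value that would be stored as the secret
        string pin = Convert.ToHexString(SHA256.HashData(cerBytes)); // fingerprint noted when uploading

        using X509Certificate2 loaded = Load(secretValue, pin);
        Console.WriteLine($"{loaded.Subject} hasPrivateKey={loaded.HasPrivateKey}");
    }
}
```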

tomasmcguinness commented 1 year ago

I'm going to close this issue now.