sdk/keyvault/Azure.Security.KeyVault.Certificates/TROUBLESHOOTING.md
The Azure.Security.KeyVault.Certificates package provides APIs for operations on Azure Key Vault for the
CertificateClient class. This troubleshooting guide contains steps for diagnosing issues specific to the
Azure.Security.KeyVault.Keys package.
See our Azure Key Vault SDK Troubleshooting Guide to troubleshoot issues common to the Azure Key Vault SDKs for .NET.
You may see an error similar to the following when using CertificateClient.ImportCertificate or
CertificateClient.ImportCertificateAsync:
Azure.RequestFailedException: No certificate with private key found in the specified X.509 certificate content. Please specify X.509 certificate content with only one certificate containing private key.
Status: 400 (Bad Request)
ErrorCode: BadParameter
Content:
{"error":{"code":"BadParameter","message":"No certificate with private key found in the specified X.509 certificate content. Please specify X.509 certificate content with only one certificate containing private key."}}
Check that your certificate contains a private key using X509Certificate2.HasPrivateKey, for example. If it was true
but you still see this error, check that you do not use X509Certificate2.RawData, which does not contain the
private key. Instead use X509Certificate2.Export(X509CertificateType.Pkcs12) method (inheritted from X509Certificate)
to export a PKCS12 (PFX)-encoded buffer. If you want to import a PEM file, read the file into a byte[] buffer and call
CertificateClient.ImportCertificate or CertificateClient.ImportCertificateAsync with the buffer directly.
See X509Certificate2 documentation
for more information.