I want to retrieve/download the original pfx certificate that was uploaded onto our Application Gateway.
So far I have done the following in PowerShell:
$appGw = Get-AzApplicationGateway -Name "appgatewayname" -ResourceGroupName "appgatewayresourcegroup"
$certs = Get-AzApplicationGatewaySslCertificate -ApplicationGateway $appGw
$certBase64 = $certs[0].PublicCertData
$certBytes = [System.Convert]::FromBase64String($certBase64)
[io.file]::WriteAllBytes("C:\directory\newcert.pfx", $certBytes)
However, it doesn't seem to be a valid certificate, especially when I try to upload it onto our KeyVault.
Is anyone familiar, and is this even possible? Should I use the Data property instead of the PublicCertData?
The .pfx file can't be retrieved after you have uploaded it to an application gateway listener. I have checked Azure Resource Explorer; there is no API provided by Azure to retrieve it. I also double-checked with the Azure product team.
Though it seems we can use the Get-AzApplicationGatewaySslCertificate PS command to get certs, it actually provides you with PublicCertData only; there is no PrivateCertData of the .pfx file. I have also tested on my side: the value of the Data property is empty. So if you want to upload this .pfx file to Azure KV, I am afraid the only way is uploading the original pfx certificate to Azure KV directly.
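The point made in the answer above, as an added example that is not part of the original question or answer: it decodes PublicCertData as a public certificate container, reports whether any entry carries a private key, and uses the thumbprint to confirm that a locally held original PFX matches before importing that PFX into Key Vault. The helper name Get-AppGwPublicCertInfo, the output paths, and the vault and certificate names are assumptions; the blob is assumed to be a PKCS#7 or DER container that X509Certificate2Collection can parse.

```powershell
# Added example. Get-AppGwPublicCertInfo is a hypothetical helper name.
function Get-AppGwPublicCertInfo {
    param(
        [Parameter(Mandatory)] [string] $PublicCertData,  # base64 string from the gateway
        [string] $OutFile                                  # optional path for the public chain
    )
    $bytes = [System.Convert]::FromBase64String($PublicCertData)

    # Assumption: the blob is a public certificate container (PKCS#7 or DER),
    # so it parses without a password.
    $chain = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
    $chain.Import([byte[]]$bytes)

    if ($OutFile) {
        # Save under a public-certificate extension rather than .pfx
        [System.IO.File]::WriteAllBytes($OutFile, $bytes)
    }

    foreach ($c in $chain) {
        [pscustomobject]@{
            Subject       = $c.Subject
            Thumbprint    = $c.Thumbprint
            NotAfter      = $c.NotAfter
            HasPrivateKey = $c.HasPrivateKey
        }
    }
}

$appGw = Get-AzApplicationGateway -Name "appgatewayname" -ResourceGroupName "appgatewayresourcegroup"
$certs = Get-AzApplicationGatewaySslCertificate -ApplicationGateway $appGw
$info  = @(Get-AppGwPublicCertInfo -PublicCertData $certs[0].PublicCertData -OutFile "C:\directory\gateway-public.p7b")
$info | Format-Table -AutoSize

if ($info.HasPrivateKey -contains $true) {
    Write-Warning "Unexpected: the gateway returned private key material."
}

# Key Vault needs the private key, so the original PFX is imported instead.
# The path, vault name and certificate name below are placeholders.
$pfxPath     = "C:\directory\original.pfx"
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
$pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)

if ($info.Thumbprint -contains $pfx.Thumbprint) {
    Import-AzKeyVaultCertificate -VaultName "<vault-name>" -Name "<cert-name>" `
        -FilePath $pfxPath -Password $pfxPassword
} else {
    Write-Warning "The local PFX does not match the certificate on the gateway; not importing."
}
```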