Azure Key Vault Certificate Commands

Guide to managing SSL/TLS certificates using Azure Key Vault and Azure CLI.

Setup and Prerequisites

Install Azure CLI

# Install Azure CLI (macOS)
brew install azure-cli

# Login to Azure
az login

# Set subscription
az account set --subscription "SUBSCRIPTION_ID"

Creating and Managing Certificates

Create self-signed certificate

# Create self-signed certificate in Key Vault
az keyvault certificate create \
  --vault-name mykeyvault \
  --name mycert \
  --policy "$(az keyvault certificate get-default-policy)"

# List certificates
az keyvault certificate list --vault-name mykeyvault

# Show certificate
az keyvault certificate show --vault-name mykeyvault --name mycert

Importing Certificates

Import PFX certificate

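# Import a PFX (PKCS#12) file, including its private key, into Key Vault
# "pfx-password" is a placeholder; pass the real value from a variable or prompt
az keyvault certificate import \
  --vault-name mykeyvault \
  --name mycert \
  --file certificate.pfx \
  --password "pfx-password"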

Downloading Certificates

Download certificate

# Download certificate (CER format, binary DER; the default encoding is PEM)
az keyvault certificate download \
  --vault-name mykeyvault \
  --name mycert \
  --file mycert.cer \
  --encoding DER

# Download as PEM
az keyvault certificate download \
  --vault-name mykeyvault \
  --name mycert \
  --file mycert.pem \
  --encoding PEM

Certificate Operations

Delete certificate

# Delete certificate (recoverable while soft-delete retention applies)
az keyvault certificate delete \
  --vault-name mykeyvault \
  --name mycert

# Recover deleted certificate (if soft-delete enabled)
az keyvault certificate recover \
  --vault-name mykeyvault \
  --name mycert

# Permanently purge a deleted certificate (it can no longer be recovered)
az keyvault certificate purge \
  --vault-name mykeyvault \
  --name mycert

Important Notes

Soft Delete:

Key Vault soft-delete is enabled by default. Deleted certificates can be recovered within the retention period.

Access Policies:

Configure access policies or RBAC to control certificate operations.

Documentation:

Azure Key Vault: docs.microsoft.com/azure/key-vault