PowerShell
PowerShell
Azure Key Vault Get the Latest Version of a Certificate
See more Azure Key Vault Examples
Demonstrates how to get the latest version of a certificate in Azure Key Vault.Note: This example requires Chilkat v9.5.0.96 or later.
Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# See Azure Key Vault Get Certificates for a more detailed explanation
# for how Chilkat is automatically getting the OAuth2 access token for your application.
# Provide information needed for Chilkat to automatically get an OAuth2 access token as needed.
$json = New-Object Chilkat.JsonObject
$json.UpdateString("client_id","APP_ID")
$json.UpdateString("client_secret","APP_PASSWORD")
$json.UpdateString("resource","https://vault.azure.net")
$json.UpdateString("token_endpoint","https://login.microsoftonline.com/TENANT_ID/oauth2/token")
$http = New-Object Chilkat.Http
# Instead of providing an actual access token, we give Chilkat the information that allows it to
# automatically fetch the access token using the OAuth2 client credentials flow.
$http.AuthToken = $json.Emit()
# Replace VAULT_NAME with the name of your Azure Key Vault.
$http.SetUrlVar("certName","importCert01")
$sbResponse = New-Object Chilkat.StringBuilder
$success = $http.QuickGetSb("https://VAULT_NAME.vault.azure.net/certificates/{$certName}?api-version=7.4",$sbResponse)
if ($success -eq $false) {
$statusCode = $http.LastStatus
if ($statusCode -eq 0) {
# We did not get a response from the server..
$($http.LastErrorText)
}
else {
# We received a response, but it was an error.
$("Error response status code: " + $statusCode)
$("Error response:")
$($sbResponse.GetAsString())
}
exit
}
$jsonResp = New-Object Chilkat.JsonObject
$jsonResp.LoadSb($sbResponse)
$jsonResp.EmitCompact = $false
$($jsonResp.Emit())
# A sample JSON response is show at the bottom.
# Let's do two things with the result.
# 1) Load the DER of the cert into a Chilkat Cert object.
# 2) Get the Key Vault version id of the certificate.
$cert = New-Object Chilkat.Cert
$success = $cert.LoadFromBase64($jsonResp.StringOf("cer"))
if ($success -eq $false) {
$($cert.LastErrorText)
$("Failed to load certificate from Base64 DER.")
exit
}
# The Azure Key Vault's "version" of the certificate is the hex string at the end of the "id", "kid", and "sid" JSON members.
# For example: "7140c8755ed14839b5d86a9f7e7f0497"
$sbId = New-Object Chilkat.StringBuilder
$sbId.Append($jsonResp.StringOf("id"))
$certVersion = $sbId.GetAfterFinal("/",$false)
$("The key vault cert version is " + $certVersion)
# {
# "id": "https://kvchilkat.vault.azure.net/certificates/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
# "kid": "https://kvchilkat.vault.azure.net/keys/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
# "sid": "https://kvchilkat.vault.azure.net/secrets/importCert01/7140c8755ed14839b5d86a9f7e7f0497",
# "x5t": "I_e3776K5Q_6PN1HHvJoI2ZGQRQ",
# "cer": "MIIGXjCCB .... cjTsi7yIY=",
# "attributes": {
# "enabled": true,
# "nbf": 1633996800,
# "exp": 1728691199,
# "created": 1697411128,
# "updated": 1697411128,
# "recoveryLevel": "CustomizedRecoverable+Purgeable",
# "recoverableDays": 7
# },
# "policy": {
# "id": "https://kvchilkat.vault.azure.net/certificates/importCert01/policy",
# "key_props": {
# "exportable": true,
# "kty": "RSA",
# "key_size": 4096,
# "reuse_key": false
# },
# "secret_props": {
# "contentType": "application/x-pkcs12"
# },
# "x509_props": {
# "subject": "CN=\"Chilkat Software, Inc.\", O=\"Chilkat Software, Inc.\", S=Illinois, C=US",
# "ekus": [
# "1.3.6.1.5.5.7.3.3"
# ],
# "key_usage": [
# "digitalSignature"
# ],
# "validity_months": 37,
# "basic_constraints": {
# "ca": false
# }
# },
# "lifetime_actions": [
# {
# "trigger": {
# "lifetime_percentage": 80
# },
# "action": {
# "action_type": "EmailContacts"
# }
# }
# ],
# "issuer": {
# "name": "Unknown"
# },
# "attributes": {
# "enabled": true,
# "created": 1697411128,
# "updated": 1697411128
# }
# }
# }