Why am I getting "Key Password Entry Date Invalid" when trying to create an Active Directory principal?
I was trying to consolidate a bunch of operations around creating and updating AD services and applications. The stream I ran into is the following:
- Get a certificate from an Azure key store
- Create a Service Principal (and Application) using a certificate for authentication.
PS> Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
Name: CertName
Certificate: [Subject]
CN = certName.foo.com
[Issuer]
CN = certName.foo.com
[Serial Number]
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Not Before]
6/2/2017 5:41:26 PM
[Not After]
6/2/2018 5:51:26 PM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Id: https://certs.vault.azure.net:443/certificates/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
KeyId: https://certs.vault.azure.net:443/keys/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SecretId: https://certs.vault.azure.net:443/secrets/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags: {[Thumbprint, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]}
Enabled: True
Created: 6/3/2017 2:11:31 AM
Updated: 6/3/2017 2:11:31 AM
PS> New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $cert.Certificate.GetEffectiveDateString() -EndDate $cert.Certificate.GetExpirationDateString()
New-AzureRmADServicePrincipal: Key credential start date is invalid.
At line: 1 char: 1
+ New-AzureRmADServicePrincipal -DisplayName "Cert access" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: InvalidOperation: (:) [New-AzureRmADServicePrincipal], Exception
+ FullyQualifiedErrorId: Request_BadRequest, Microsoft.Azure.Commands.ActiveDirectory.NewAzureADServicePrincipalCommand
Why do I get the Key Start Date Invalid error?
1 answer
According to your error log, it seems that the time format is incorrect. I suggest you use [System.DateTime]::Now to set the time. I tested in my lab and did not get the error from your log; the script works for me. I suggest you check it.
##import certificate to key vault
$Password = ConvertTo-SecureString -String "*******" -AsPlainText -Force
Import-AzureKeyVaultCertificate -VaultName "shuikey" -Name "ImportCert01" -FilePath "C:\shui.pfx" -Password $Password
##set start time and expire time
$now = [System.DateTime]::Now
$yearfromnow = $now.AddYears(1)
##Get certificate from key vault
$cert=Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $now -EndDate $yearfromnow
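An added example, not part of the original answer or of the AzureRM module: a helper that produces -StartDate and -EndDate as [DateTime] values, as the answer suggests, and also keeps them inside the certificate's NotBefore/NotAfter period. Get-KeyCredentialWindow, its parameters and the self-signed sample certificate are hypothetical; keeping the credential window inside the certificate's validity is this example's assumption, and the sample certificate needs .NET Framework 4.7.2+ or PowerShell 7 for CertificateRequest.

```powershell
# Added example: derive -StartDate/-EndDate as [DateTime] values that stay
# inside the certificate's own validity period (an assumption of this example).
function Get-KeyCredentialWindow {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [DateTime] $Now = [DateTime]::Now,
        [TimeSpan] $MaxLifetime = [TimeSpan]::FromDays(365)
    )
    # NotBefore/NotAfter are DateTime values in local time; no string parsing is involved.
    if ($Now -ge $Certificate.NotAfter) {
        throw "Certificate $($Certificate.Thumbprint) expired on $($Certificate.NotAfter.ToString('o'))"
    }
    # Start: never earlier than the moment the certificate becomes valid.
    $start = if ($Now -gt $Certificate.NotBefore) { $Now } else { $Certificate.NotBefore }
    # End: the requested lifetime, capped at the certificate's expiry.
    $end = $start.Add($MaxLifetime)
    if ($end -gt $Certificate.NotAfter) { $end = $Certificate.NotAfter }
    [pscustomobject]@{ StartDate = $start; EndDate = $end }
}

# Constructed sample: a throwaway self-signed certificate valid for one year,
# mirroring the one-year validity shown in the question's output.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=certName.foo.com', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$notBefore = [DateTimeOffset]::Now.AddMinutes(-10)
$sample = $req.CreateSelfSigned($notBefore, $notBefore.AddYears(1))

$window = Get-KeyCredentialWindow -Certificate $sample
$window | Format-List

# With the Key Vault certificate from the page (cmdlets and parameters as used above):
# $cert = Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
# $w = Get-KeyCredentialWindow -Certificate $cert.Certificate
# New-AzureRmADServicePrincipal -DisplayName "Cert access" `
#     -CertValue ([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) `
#     -StartDate $w.StartDate -EndDate $w.EndDate
```

With the sample certificate, EndDate is capped at the certificate's NotAfter instead of running a full year from now, so the credential does not outlive the certificate it is bound to.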
