Why am I getting "Key Password Entry Date Invalid" when trying to create an Active Directory principal?
I was trying to consolidate a bunch of operations around creating and updating AD services and applications. The stream I ran into is the following:
- Get a certificate from an Azure key store
- Create a Service Principal (and Application) using a certificate for authentication.
PS> Get-AzureKeyVaultCertificate -VaultName certs -Name CertName

Name: CertName
Certificate:
  [Subject]
    CN=certName.foo.com
  [Issuer]
    CN=certName.foo.com
  [Serial Number]
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  [Not Before]
    6/2/2017 5:41:26 PM
  [Not After]
    6/2/2018 5:51:26 PM
  [Thumbprint]
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Id: https://certs.vault.azure.net:443/certificates/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
KeyId: https://certs.vault.azure.net:443/keys/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SecretId: https://certs.vault.azure.net:443/secrets/certname/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags: {[Thumbprint, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]}
Enabled: True
Created: 6/3/2017 2:11:31 AM
Updated: 6/3/2017 2:11:31 AM

PS> New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $cert.Certificate.GetEffectiveDateString() -EndDate $cert.Certificate.GetExpirationDateString()
New-AzureRmADServicePrincipal : Key credential start date is invalid.
At line:1 char:1
+ New-AzureRmADServicePrincipal -DisplayName "Cert access" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo: InvalidOperation: (:) [New-AzureRmADServicePrincipal], Exception
    + FullyQualifiedErrorId: Request_BadRequest,Microsoft.Azure.Commands.ActiveDirectory.NewAzureADServicePrincipalCommand
Why do I get "Key Start Date Invalid"?
+3
1 answer
According to your error log, it seems that the time format is incorrect. I suggest you use [System.DateTime]::Now to set the time. I tested this in my lab and did not get your error; the script works for me. I suggest you check.
##import certificate to key vault
$Password = ConvertTo-SecureString -String "*******" -AsPlainText -Force
Import-AzureKeyVaultCertificate -VaultName "shuikey" -Name "ImportCert01" -FilePath "C:\shui.pfx" -Password $Password
##set start time and expire time
$now = [System.DateTime]::Now
$yearfromnow = $now.AddYears(1)
##Get certificate from key vault
$cert=Get-AzureKeyVaultCertificate -VaultName certs -Name CertName
New-AzureRmADServicePrincipal -DisplayName "Cert access" -CertValue $([System.Convert]::ToBase64String($cert.Certificate.GetRawCertData())) -StartDate $now -EndDate $yearfromnow
+2
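One way to avoid passing locale-formatted date strings, as an added example that is not part of the original question or answer: it works with `DateTime` values throughout and keeps the credential window inside the certificate's `NotBefore`/`NotAfter`. `Get-CredentialWindow` is a hypothetical helper, the sample dates are constructed from the certificate listing in the question (treated as UTC), and the premise that the window has to sit inside the certificate's validity period is an assumption.

```powershell
# Added example, not the poster's code. Get-CredentialWindow is a hypothetical helper.
function Get-CredentialWindow {
    param(
        [Parameter(Mandatory)] [datetime] $NotBefore,   # certificate validity start
        [Parameter(Mandatory)] [datetime] $NotAfter,    # certificate validity end
        [datetime] $Now = [datetime]::UtcNow,
        [timespan] $MaxLifetime = [timespan]::FromDays(365)
    )
    # Compare everything in UTC so the local time zone cannot shift a boundary.
    $nb  = $NotBefore.ToUniversalTime()
    $na  = $NotAfter.ToUniversalTime()
    $now = $Now.ToUniversalTime()

    if ($now -ge $na) { throw "Certificate expired at $($na.ToString('o'))" }

    # Start no earlier than the certificate, end no later than the certificate
    # (assumption: the credential window must lie within the validity period).
    $start = if ($now -gt $nb) { $now } else { $nb }
    $end   = $start + $MaxLifetime
    if ($end -gt $na) { $end = $na }

    [pscustomobject]@{ StartDate = $start; EndDate = $end }
}

# Constructed sample: the dates shown in the question's listing, taken as UTC.
$notBefore = [datetime]::new(2017, 6, 2, 17, 41, 26, [DateTimeKind]::Utc)
$notAfter  = [datetime]::new(2018, 6, 2, 17, 51, 26, [DateTimeKind]::Utc)
$asOf      = [datetime]::new(2017, 6, 3,  2, 11, 31, [DateTimeKind]::Utc)

$w = Get-CredentialWindow -NotBefore $notBefore -NotAfter $notAfter -Now $asOf
$w | Format-List

# With a real certificate object, pass its DateTime properties instead of the
# Get*DateString() strings, then hand the result to the cmdlet from the post:
# $w = Get-CredentialWindow -NotBefore $cert.Certificate.NotBefore `
#                           -NotAfter  $cert.Certificate.NotAfter
# New-AzureRmADServicePrincipal -DisplayName "Cert access" `
#     -CertValue ([Convert]::ToBase64String($cert.Certificate.GetRawCertData())) `
#     -StartDate $w.StartDate -EndDate $w.EndDate
```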