I'm running CI integration tests in Azure DevOps; they run on a dedicated Azure VM with a build agent installed. Those tests require a client SSL certificate to be installed on that VM. As a build step in CI, I have a PS script that consumes the Azure KeyVault certificate and imports it into the LocalMachine/My store of the VM. While the cert is imported and I can see it in the VM, tests from CI fail using the cert. Note that the cert, when I try to manually export it in the VM, has the Export with Private Key option grayed out.
When I run the same PS script manually within the VM and then run the CI tests (with the PS step disabled), the tests successfully consume the certificate and pass.
What should I change in my PS script below so that, when run remotely, it imports the certificate with the Export with Private Key option enabled?
$vaultName = "MyKeyVault-stest"
$secretName = "MyCertificate"
$kvSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $secretName
$kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText)
$kvSecretPass = 'myPass'
#-----------------------------------------------------------------------------
$pfxCertObject=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @($kvSecretBytes, "", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
$newcertbytes = $pfxCertObject.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $kvSecretPass)
$newCert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$newCert.Import($newcertbytes,$kvSecretPass,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
#-------------------------------------------------------------------------------
$certStore = Get-Item "Cert:\LocalMachine\My"
$openFlags = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite
$certStore.Open($openFlags)
$certStore.Add($newCert)
Write-host $env:USERNAME
Write-host $(whoami)
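One way to import the PFX so that the private key stays attached to the LocalMachine store entry, written as an added example that is not part of the original post. It assumes the key is otherwise written to the key container of the account running the build step and not persisted for the machine store; `Import-PfxToMachineStore`, the `CN=constructed-ci-test` certificate and its password are hypothetical names and constructed sample input.

```powershell
# Added example, not from the original post. Run elevated on Windows (PowerShell 5.1+).
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Import-PfxToMachineStore {   # hypothetical helper name
    param([byte[]]$PfxBytes, [string]$PfxPassword = '')

    # MachineKeySet: store the private key in the machine key container, not in the
    #   profile of whichever account runs the script (here, the build agent account).
    # PersistKeySet: keep the key on disk once the certificate object is released.
    # Exportable:    keep "Export with Private Key" available, as the question asks.
    $flags = [X509KeyStorageFlags]::MachineKeySet -bor
             [X509KeyStorageFlags]::PersistKeySet -bor
             [X509KeyStorageFlags]::Exportable
    $cert = [X509Certificate2]::new($PfxBytes, $PfxPassword, $flags)

    $store = [X509Store]::new([StoreName]::My, [StoreLocation]::LocalMachine)
    $store.Open([OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }

    # Re-read from the store so the check reflects what other processes will see.
    Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
}

# Constructed sample input: a throwaway self-signed certificate exported as PFX,
# standing in for the bytes decoded from the Key Vault secret.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=constructed-ci-test', $rsa,
           [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now = [DateTimeOffset]::UtcNow
$pfx = $req.CreateSelfSigned($now, $now.AddDays(1)).Export([X509ContentType]::Pfx, 'constructed-pass')

$stored = Import-PfxToMachineStore -PfxBytes $pfx -PfxPassword 'constructed-pass'
Write-Host "Thumbprint:    $($stored.Thumbprint)"
Write-Host "HasPrivateKey: $($stored.HasPrivateKey)"

# Remove the throwaway certificate and its key again.
Remove-Item $stored.PSPath -DeleteKey

# In the CI step from the question the call would be:
#   Import-PfxToMachineStore -PfxBytes $kvSecretBytes -PfxPassword ''
```

Checking `HasPrivateKey` on the entry read back from `Cert:\LocalMachine\My` in the same build step gives the pipeline an early failure if the key did not land with the certificate.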