Azure-cli: keyvault certificate import api doesn't work when password has special character

What shell are you running the CLI command from? I suspect it is Powershell based on the error, and if that's the case, there is nothing we can do about this because the splitting on & occurs before your command ever reaches the CLI.

Sorry, not sure what you mean, but I'm running the CLI command directly from my pc thru the cmd.

Thanks for the clarification @vany0114. For CMD, only ever wrap strings in double quotes. If you run your command with --debug, you will see, for example, that -n 'myCert' is interpreted as name = 'myCert' not myCert. If you provide your password in double quotes you will not get that unrecognized command error.

@tjprescott I tried with double quotes too and didn't work :(
Actually, for vault-name and name parameters, I didn't use quotes at all. (sorry my bad, writing the example)

With double quotes, do you get the Format of Pkcs12 value is invalid error?

With double quotes I get:

'%9H' is not recognized as an internal or external command,
operable program or batch file.

https://stackoverflow.com/questions/1327431/how-do-i-escape-ampersands-in-batch-files/1327476#1327476

Use ^ to escape the & character.

With double quotes, do you get the Format of Pkcs12 value is invalid error?

Sorry @tjprescott, indeed I get that error. When you asked I tested out in PS rather than cmd.

I've tried with ^ and didn't get errors, but it does nothing. I checked my Keyvault but there's nothing there, tho.

Thanks @vany0114, I was trying to separate the quoting issue with the service issue. The KeyVault team will need to address why your certificate does not work. Since you can't upload it with the CLI, PS or portal, it implies there is something questionable in the service.

Also, I noticed you are using CLI 2.0.24, which is well over a year old. You might try updating your CLI and see if that resolves the problem.

I updated the CLI to the latest version (2.0.60) and still getting that error.

However, scaping the & I get this new error:

Hi guys, yeah also have run into this recently and the only workaround was to change the password for the PFX to not use any special characters ;-)... tested with PS and Azure Gui

I just ran into this today. My certificate password has a ? in it. When trying to import via the Azure portal, the error I get is Pkcs12 value is invalid.. When trying to use the azure-cli (version 2.0.67), I get We could not parse the provided certificate as .pem or .pfx. Please verify the certificate with OpenSSL.. I also tried to escape the ? with ^? and same error.

I just ran into this today. My certificate password has a ? in it. When trying to import via the Azure portal, the error I get is Pkcs12 value is invalid.. When trying to use the azure-cli (version 2.0.67), I get We could not parse the provided certificate as .pem or .pfx. Please verify the certificate with OpenSSL.. I also tried to escape the ? with ^? and same error.

Yeah, you will need to export it again with MMC-snapin-cert and then make sure the password has no special characters in it, and then attempt the import into Azure it will work... ;-)

Similar to https://github.com/Azure/azure-cli/issues/11003#issuecomment-569213105

@vany0114, please check the solution and let us know if you can get unblocked.