Azure-cli: KeyVault certificate policy format

+1. There is no help regarding JSON policy definition. No links to external page where this is explained. Currently trying to figure out how to create a certificate that is not signed by a known issuer.

Yes exactly, facing the same issue. Infact I contacted the Microsoft azure support team and they are yet to get back to me even after 4 days. Also, in powershell we have apis but same apis are not there in azure CLI. For ex : I can login yo portal and download certificate in pfx format but how do I do it using CLI? No clue. No examples given.

@adi658 Please check if this one helps? https://github.com/Azure/azure-cli/issues/7489

Awesome... that helped.. So we use download secret instead of download certificate. Wierd :(

See the blog post of Peter Hobor: https://techblog.hobor.hu/2018/08/26/self-signed-certificate-with-sans-using-azure-cli-keyvault/

You may use az keyvault certificate get-default-policy --scaffold to get a template to work with. This is a Python representation of Create Certificate REST API's body: https://docs.microsoft.com/en-us/rest/api/keyvault/createcertificate/createcertificate#certificatepolicy

As @jiasli said, az keyvault certificate get-default-policy --scaffold will give you a rough frame to work with. Closing this issue due to long time inactivity.