Get-AzKeyVaultCertificate returns no SubjectAlternativeNames (DnsNameList) in Powershell 7.4/7.5 #27403

Open
cjagodics opened this issue Mar 21, 2025 · 0 comments
Labels: Azure PS Team, bug, customer-reported, KeyVault

Description

I discovered that, no matter which module version is used, the command Get-AzKeyVaultCertificate returns an empty array for the SubjectAlternativeName (DnsNameList) field in PowerShell 7.4.*/7.5:

Output PowerShell Version 5.1 (works as expected):

Get-AzKeyVaultCertificate -VaultName <kv-name> -Name cjatest20241203-example-cloud-dvag |select -ExpandProperty Certificate |select -Property *


EnhancedKeyUsageList : {Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)}
DnsNameList          : {cjatest20241203.example.cloud.dvag, cjatest20241205.example.cloud.dvag}
SendAsTrustedIssuer  : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
FriendlyName         :
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 5/17/2025 1:59:59 AM
NotBefore            : 2/16/2025 1:00:00 AM
HasPrivateKey        : False
PrivateKey           :
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 7, 77...}
SerialNumber         : 053DFBFE155730DA4F381D58D61B418A
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : BEB03458A97D5DD776E14B3872C8752BB96ACD3B
Version              : 3
Handle               : 2240780448272
Issuer               : CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Subject              : CN=cjatest20241203.example.cloud.dvag, ...

Output PowerShell Version 7.4.7 (DnsNameList empty):

Get-AzKeyVaultCertificate -VaultName <kv-name> -Name cjatest20241203-example-cloud-dvag |select -ExpandProperty Certificate |select -Property *

EnhancedKeyUsageList : {Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)}
DnsNameList          : {}
SendAsTrustedIssuer  : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid…}
FriendlyName         :
HasPrivateKey        : False
PrivateKey           :
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 5/17/2025 1:59:59 AM
NotBefore            : 2/16/2025 1:00:00 AM
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 7, 77…}
RawDataMemory        : System.ReadOnlyMemory<Byte>[1873]
SerialNumber         : 053DFBFE155730DA4F381D58D61B418A
SignatureAlgorithm   : System.Security.Cryptography.Oid
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
Thumbprint           : BEB03458A97D5DD776E14B3872C8752BB96ACD3B
Version              : 3
Handle               : 2310748618784
Issuer               : CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Subject              : CN=cjatest20241203.example.cloud.dvag, ...
SerialNumberBytes    : System.ReadOnlyMemory<Byte>[16]

Output PowerShell Version 7.5.0 (DnsNameList, EnhancedKeyUsageList empty):

Get-AzKeyVaultCertificate -VaultName <kv-name> -Name cjatest20241203-example-cloud-dvag |Select -ExpandProperty Certificate |Select -Property *

EnhancedKeyUsageList :
DnsNameList          :
SendAsTrustedIssuer  :
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid…}
FriendlyName         :
HasPrivateKey        : False
PrivateKey           :
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 5/16/2025 11:59:59 PM
NotBefore            : 2/16/2025 12:00:00 AM
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 7, 77…}
RawDataMemory        : System.ReadOnlyMemory<Byte>[1873]
SerialNumber         : 053DFBFE155730DA4F381D58D61B418A
SignatureAlgorithm   : System.Security.Cryptography.Oid
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
Thumbprint           : BEB03458A97D5DD776E14B3872C8752BB96ACD3B
Version              : 3
Handle               : 140116397011024
Issuer               : CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Subject              : CN=cjatest20241203.example.cloud.dvag, ...
SerialNumberBytes    : System.ReadOnlyMemory<Byte>[16]

Is there anything I'm missing? The debug output of the command looks the same in 5.1/7.x - even the san_name array field is returned but not showing in the final console output.

Issue script & Debug output

Get-AzKeyVaultCertificate -VaultName <vault-name> -Name <cert-name> -Debug
DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:40 PM - GetAzureKeyVaultCertificate begin processing with ParameterSet 'ByName'.
DEBUG: 3:47:40 PM - using account id '<AccountId>'...
DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [Az.KeyVault], Cmdlet = [Get-AzKeyVaultCertificate]. Returning default value [True].
DEBUG: [Common.Authentication]: Authenticating using Account: '<AccountId>', environment: 'AzureCloud', tenant: '<TenantId>'
DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:40 PM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<TenantId>', Scopes:'https://vault.azure.net/.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<AccountId>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Internal cache] Clearing user token cache accessor.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Internal cache] Total number of cache partitions found while getting refresh tokens: 6
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fc1805f4-...] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Runtime] WAM supported OS.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [RuntimeBroker] ListWindowsWorkAndSchoolAccounts option was not enabled.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - 29638894-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] Found 8 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] Returning 8 accounts
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] MSAL MSAL.CoreCLR with assembly version '4.65.0.0'. CorrelationId(fed503f2-...)
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] LoginHint provided: False
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Account provided: True
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] ForceRefresh: False
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...]
=== Request Data ===
Authority Provided? - True
Scopes - https://vault.azure.net/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - True
HomeAccountId - False
CorrelationId - fed503f2-...
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] === Token Acquisition (SilentRequest) started:
         Scopes: https://vault.azure.net/.default
        Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Broker is configured and enabled, attempting to use broker instead.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Runtime] WAM supported OS.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Can invoke broker. Will attempt to acquire token with broker.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0001]     WARNING SetAuthorityUri:78      Initializing authority from URI 'https://login.microsoftonline.com/<TenantId>/' without authority type, defaulting to MsSts
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: fed503f2-...
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: start_time, Value: 2025-03-21T14:47:40.000Z
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: api_name, Value: ReadAccountById
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: authority_type, Value: Unknown
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: correlation_id, Value: fed503f2-...
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: broker_app_used, Value: false
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: stop_time, Value: 2025-03-21T14:47:40.000Z
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.2
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: is_successful, Value: true
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    LogTelemetryData:430    Key: request_duration, Value: 0
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    SetCorrelationId:258    Set correlation ID: fed503f2-...
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    EnqueueBackgroundRequest:1000   The original authority is 'https://login.microsoftonline.com/<TenantId>'
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    ModifyAndValidateAuthParameters:219     Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     INFO    ModifyAndValidateAuthParameters:243     Authority Realm: <TenantId>
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0004]     WARNING TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1052        MsaDeviceOperationProvider is not available. Not attempting to register the device.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    StorageTokenResponse:84 StorageTokenResponse account constructor invoked. This is only expected in Runtime flows
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: fed503f2-...
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: start_time, Value: 2025-03-21T14:47:40.000Z
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: api_name, Value: AcquireTokenSilently
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: authority_type, Value: AAD
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: access_token_expiry_time, Value: 2025-03-21T15:32:23.000Z
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: read_token, Value: ID|AT
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: client_id, Value: 1950a258-227b-4e31-a9cf-717495945fc2
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: correlation_id, Value: fed503f2-...
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: broker_app_used, Value: false
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: stop_time, Value: 2025-03-21T14:47:40.000Z
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.2
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: original_authority, Value: https://login.microsoftonline.com/<TenantId>
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: request_eligible_for_broker, Value: true
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: additional_query_parameters_count, Value: 1
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: storage_read, Value: DAC|DAT|DID
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: auth_flow, Value: AT
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: is_successful, Value: true
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: authorization_type, Value: WindowsIntegratedAuth
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:430    Key: request_duration, Value: 4
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:435    Printing Execution Flow:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [MSAL:0003]     INFO    LogTelemetryData:443    {...}
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [RuntimeBroker] WAM response status success
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Checking MsalTokenResponse returned from broker.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Success. Response contains an access token.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Checking client info returned from the server..
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Saving token response to cache..
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Internal cache] Clearing user token cache accessor.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Internal cache] Total number of cache partitions found while getting refresh tokens: 6
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Internal cache] Total number of cache partitions found while getting access tokens: 6
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z] [Internal cache] Total number of cache partitions found while getting refresh tokens: 6
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...]
        === Token Acquisition finished successfully:
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...]  AT expiration time: 3/21/2025 3:32:22 PM +00:00, scopes: https://vault.azure.net/.default https://vault.azure.net/user_impersonation. source: Broker
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] Fetched access token from host login.microsoftonline.com.
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...]
[LogMetricsFromAuthResult] Cache Refresh Reason: NotApplicable
[LogMetricsFromAuthResult] DurationInCacheInMs: 8
[LogMetricsFromAuthResult] DurationTotalInMs: 35
[LogMetricsFromAuthResult] DurationInHttpInMs: 0
DEBUG: False MSAL 4.65.0.0 MSAL.CoreCLR .NET 8.0.12 Microsoft Windows 10.0.22631 [2025-03-21 14:47:40Z - fed503f2-...] TokenEndpoint: ****
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://vault.azure.net/.default ] ParentRequestId:  ExpiresOn: 2025-03-21T15:32:22.5450790+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '<TenantId>', UserId: '<AccountId>'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://<vault-name>.vault.azure.net//certificates/<cert-name>/?api-version=7.0

Headers:
Accept-Language               : en-US
x-ms-client-request-id        : ...

Body:



DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-keyvault-region          : westeurope
x-ms-client-request-id        : ...
x-ms-request-id               : ...
x-ms-keyvault-service-version : 1.9.2228.1
x-ms-keyvault-network-info    : conn_type=Ipv4;addr=xx.xx.xx.xx;act_addr_fam=InterNetwork;
x-ms-keyvault-rbac-assignment-id: ...
X-Content-Type-Options        : nosniff
Strict-Transport-Security     : max-age=31536000;includeSubDomains
Date                          : Fri, 21 Mar 2025 14:47:40 GMT

Body:
{
  "id": "https://<vault-name>.vault.azure.net/certificates/<cert-name>/<version>",
  "kid": "https://<vault-name>.vault.azure.net/keys/<cert-name>/<version>",
  "sid": "https://<vault-name>.vault.azure.net/secrets/<cert-name>/<version>",
  "x5t": "<...>",
  "cer": "MIIHTTCC...==",
  "attributes": {
    "enabled": true,
    "nbf": 1739664000,
    "exp": 1747439999,
    "created": 1739678405,
    "updated": 1739678405,
    "recoveryLevel": "Recoverable+Purgeable"
  },
  "tags": {},
  "policy": {
    "id": "https://<vault-name>.vault.azure.net/certificates/<cert-name>/policy",
    "key_props": {
      "exportable": true,
      "kty": "RSA",
      "key_size": 2048,
      "reuse_key": false
    },
    "secret_props": {
      "contentType": "application/x-pkcs12"
    },
    "x509_props": {
      "subject": "CN=cjatest20241203.example...",
      "sans": {
        "dns_names": [
          "cjatest20241203.example...",
          "cjatest20241205.example..."
        ]
      },
      "ekus": [
        "1.3.6.1.5.5.7.3.1",
        "1.3.6.1.5.5.7.3.2"
      ],
      "key_usage": [
        "digitalSignature",
        "keyEncipherment"
      ],
      "validity_months": 3,
      "basic_constraints": {
        "ca": false
      }
    },
    "lifetime_actions": [
      {
        "trigger": {
          "lifetime_percentage": 80
        },
        "action": {
          "action_type": "AutoRenew"
        }
      }
    ],
    "issuer": {
      "name": "..."
    },
    "attributes": {
      "enabled": true,
      "created": 1733216916,
      "updated": 1733400574
    }
  },
  "pending": {
    "id": "https://<kv-name>.vault.azure.net/certificates/<cert-name>/pending"
  }
}


DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

Name          : <cert-name>
Vault Name    : <kv-name>
Version       : <version>
Id            : https://<kv-name>.vault.azure.net:443/certificates/<cert-name>/<version>
KeyId         : https://<kv-name>.vault.azure.net:443/keys/<cert-name>/<version>
SecretId      : https://<kv-name>.vault.azure.net:443/secrets/<cert-name>/<version>
Certificate   : [Subject]
                  CN=cjatest20241203.example....

                [Issuer]
                  CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

                [Serial Number]
                  ...

                [Not Before]
                  2/16/2025 1:00:00 AM

                [Not After]
                  5/17/2025 1:59:59 AM

                [Thumbprint]
                  <...>

Thumbprint    : <...>
Policy        :
RecoveryLevel : Recoverable+Purgeable
Enabled       : True
Expires       : 5/16/2025 11:59:59 PM
Not Before    : 2/16/2025 12:00:00 AM
Created       : 2/16/2025 4:00:05 AM
Updated       : 2/16/2025 4:00:05 AM
Tags          : 
                


DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.KeyVault:6.3.1; CommandName: Get-AzKeyVaultCertificate; PSVersion: 7.4.7; IsSuccess: True; Duration: 00:00:00.3743192; SanitizeDuration: 00:00:00.0000887
DEBUG: 3:47:40 PM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:41 PM - GetAzureKeyVaultCertificate end processing.

Environment data

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.7
PSEdition                      Core
GitCommitId                    7.4.7
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

Get-Module Az.KeyVault

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     6.3.1                 Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificateContact, Add-AzKeyVaultKey, Add-AzKeyVaultManagedStorageAccount…}

Error output

no error output

cjagodics added the bug and needs-triage labels on Mar 21, 2025
microsoft-github-policy-service bot added the customer-reported and needs-triage labels and removed the needs-triage label on Mar 21, 2025
isra-fel added the KeyVault and Azure PS Team labels and removed the needs-triage label on Mar 27, 2025
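
Added example, not part of the original issue and not Az.KeyVault code: one way to read the SAN DNS names and EKU OIDs straight from a certificate's extensions, without relying on the `DnsNameList` / `EnhancedKeyUsageList` properties shown empty above, and to compare the SANs against an expected list. It assumes PowerShell 7.3 or later (the `X509SubjectAlternativeNameExtension` class needs .NET 7+); the function names and the self-signed sample certificate are constructed for illustration.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: decode subjectAltName (2.5.29.17) and extendedKeyUsage
# (2.5.29.37) from the raw extensions. EKUs are returned as OIDs, so the result
# does not depend on the UI language of the host.
function Get-CertificateSanAndEku {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [X509Certificate2] $Certificate
    )
    process {
        $dnsNames = @()
        $ekuOids  = @()
        foreach ($ext in $Certificate.Extensions) {
            switch ($ext.Oid.Value) {
                '2.5.29.17' {
                    $san = [X509SubjectAlternativeNameExtension]::new($ext.RawData, $ext.Critical)
                    $dnsNames = @($san.EnumerateDnsNames())
                }
                '2.5.29.37' {
                    $eku = [X509EnhancedKeyUsageExtension]::new($ext, $ext.Critical)
                    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object Value)
                }
            }
        }
        [pscustomobject]@{
            Thumbprint = $Certificate.Thumbprint
            DnsNames   = $dnsNames
            EkuOids    = $ekuOids
        }
    }
}

# Hypothetical check: which expected names are absent from the certificate,
# and which names the certificate carries that were not expected.
function Compare-CertificateDnsName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string[]] $ExpectedDnsName
    )
    $actual = (Get-CertificateSanAndEku -Certificate $Certificate).DnsNames
    [pscustomobject]@{
        Missing    = @($ExpectedDnsName | Where-Object { $_ -notin $actual })
        Unexpected = @($actual | Where-Object { $_ -notin $ExpectedDnsName })
    }
}

# --- Constructed sample input: a throwaway self-signed certificate with two
# --- SAN DNS names and the two EKUs seen in the issue, so this runs offline.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new(
    'CN=san-demo1.example.test', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)

$sanBuilder = [SubjectAlternativeNameBuilder]::new()
$sanBuilder.AddDnsName('san-demo1.example.test')
$sanBuilder.AddDnsName('san-demo2.example.test')
$req.CertificateExtensions.Add($sanBuilder.Build($false))

$ekus = [OidCollection]::new()
[void]$ekus.Add([Oid]::new('1.3.6.1.5.5.7.3.1'))   # server authentication
[void]$ekus.Add([Oid]::new('1.3.6.1.5.5.7.3.2'))   # client authentication
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($ekus, $false))

$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))

# Decode the sample, then compare against an expected list in which one name
# is deliberately absent from the certificate.
$cert | Get-CertificateSanAndEku | Format-List
Compare-CertificateDnsName -Certificate $cert `
    -ExpectedDnsName 'san-demo1.example.test', 'san-demo3.example.test'

# With a vault certificate, the same functions take the Certificate property
# used in the issue:
#   (Get-AzKeyVaultCertificate -VaultName <kv-name> -Name <cert-name>).Certificate |
#       Get-CertificateSanAndEku
```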