Create a Microsoft Azure Key Vault to Install Certificates

Announcement: Starting June 1, 2023,’s Organization Validation (OV) and Individual Validation (IV) Code Signing Certificates will only be issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or through our eSigner cloud code signing service. This change is in compliance with the Certificate Authority/Browser (CA/B) Forum’s new key storage requirements to increase security for code signing keys. The previous rule allowed OV and IV code signing certificates to be generated as downloadable PFX files. Since the new requirements only allow the use of encrypted USB tokens or cloud-based FIPS compliant hardware appliances to store the certificate and private key, it is expected that instances of code signing keys being stolen and misused by malicious actors will be greatly reduced. Click this link to learn more about eSigner.

Time needed: 30 minutes

These instructions show you how to create a Key Vault in the Azure portal. You can install certificates in your Key Vault by importing PKCS#12/PFX files or by creating and merging certificate signing requests (CSRs). You will need an Azure account before getting started.

  1. Sign into Azure.

    Sign into the Azure portal.


  2. Create a resource.

    Click Create a resource.

  3. Search for Key Vault.

    Type “key vault” into the search field and press Enter.

  4. Click Key Vault link.

    Click the search result for Key Vault.

  5. Click Create.

    Click the Create button to begin creating a new Key Vault.

  6. Select subscription and resource group.

    Select a subscription and a resource group. If necessary, you can create a new resource group by clicking Create new.

  7. Set name and region.

    Create a name for your Key Vault and select a region. The name may include only alphanumeric characters and dashes, and may not begin with a number.

  8. Select pricing tier.

    Choose a pricing tier from the drop-down menu. Selecting Premium will allow you to create HSM-protected keys.

  9. Set recovery options.

    Set the recovery options for your Key Vault, including purge protection and the number of days to retain deleted vaults.

  10. Continue to Access Policy screen.

    Click the Next: Access Policy button.

  11. Set access policies.

    Set the access policies for your Key Vault.

  12. Continue to networking settings.

    Click the Next: Networking button.

  13. Choose connectivity method.

    Choose a connectivity method for your Key Vault.

  14. Continue to tags settings.

    Click the Next: Tags button.

  15. Add tags.

    If desired, create tags for your Key Vault.

  16. Continue to Review and Create.

    Click the Next: Review and Create button.

  17. Review settings and create Key Vault.

    Review your settings, then click the Create button to create your new Key Vault.

  18. Finished!

    Azure will create your new Key Vault. When it is ready, you can visit it by clicking the Go to resource button.

  19. Next steps.

    Now that your new Key Vault is ready, you can use it to import digital certificates, or generate certificate signing requests (CSRs).
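The portal steps above can also be scripted. The following is an added example, not part of the original instructions: it checks the vault name against the rule in step 7 and then builds the matching `az keyvault create` call with the Premium tier, purge protection, and a deny-by-default network rule. The vault, resource group and region names are constructed placeholders; the length limit, trailing-character and consecutive-dash checks come from Azure's naming rules and go beyond what step 7 states.

```shell
#!/bin/sh
# Added example. Dry-run by default: prints the command; set APPLY=1 to run az.

# Step 7: alphanumerics and dashes only, must not begin with a number.
# Azure additionally requires 3-24 characters, a leading letter,
# a trailing letter or digit, and no consecutive dashes.
valid_vault_name() {
  vn=$1
  [ "${#vn}" -ge 3 ] && [ "${#vn}" -le 24 ] || return 1
  case $vn in
    *[!A-Za-z0-9-]*) return 1 ;;  # character outside the allowed set
    [!A-Za-z]*)      return 1 ;;  # does not start with a letter
    *-)              return 1 ;;  # ends with a dash
    *--*)            return 1 ;;  # consecutive dashes
  esac
  return 0
}

# Usage: create_vault <vault-name> <resource-group> <region>
create_vault() {
  kv_name=$1 kv_rg=$2 kv_region=$3
  valid_vault_name "$kv_name" || {
    echo "invalid vault name: $kv_name" >&2
    return 1
  }
  # Step 8:  Premium tier allows HSM-protected keys.
  # Step 9:  purge protection plus a 90-day retention window.
  # Step 13: deny public network access by default; add allowed
  #          networks afterwards with `az keyvault network-rule add`.
  set -- keyvault create \
    --name "$kv_name" --resource-group "$kv_rg" --location "$kv_region" \
    --sku premium \
    --enable-purge-protection true --retention-days 90 \
    --default-action Deny --bypass AzureServices
  if [ "${APPLY:-0}" = 1 ]; then
    az "$@"
  else
    echo "az $*"
  fi
}

# Constructed placeholder names; prints the command without calling Azure.
create_vault demo-signing-kv rg-demo eastus
```

Purge protection cannot be turned off once it is enabled on a vault, so settle the retention period before running with `APPLY=1`.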
