Import a Certificate into Microsoft Azure Key Vault

Time needed: 15 minutes

This guide is applicable only to IV and OV code signing certificates that were issued before June 1, 2023, as well as SSL/TLS certificates. Starting June 1, 2023,’s Organization Validation (OV) and Individual Validation (IV) Code Signing Certificates have been issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or through our eSigner cloud code signing service. This change is in compliance with the Certificate Authority/Browser (CA/B) Forum’s new key storage requirements to increase security for code signing keys.

Here, you will learn how to import a PKCS#12 file containing a certificate and private key into Azure Key Vault.  You will need to create a Key Vault in your Azure account before using this how-to.

  1. Select Key Vault.

    Sign into the Azure portal and select the key vault where you wish to install your certificate.
    Select Key Vault

  2. Open certificates settings.

    Select Certificates in the right-hand Settings menu.
    Certificates link

  3. Click Generate/Import.

    Click the Generate/Import link to begin the import process.

  4. Select Import.

    Select Import from the Method of Certificate Creation menu.
    Select Import

  5. Enter certificate name.

    Enter a unique name for the certificate in the Certificate Name field. The name must contain only alphanumeric characters and dashes.
    Enter certificate name

  6. Upload certificate.

    Click the folder icon and browse for the PKCS#12 certificate file you want to install. Note that Azure requires the extension .pfx for PKCS#12 uploads, so you will need to change the extension from .p12 to .pfx for files downloaded from
    Upload certificate file

  7. Enter PKCS#12 password.

    Enter the password for the PKCS#12 file. If you downloaded the file from, this is the password you created when you generated and retrieved the certificate.
    Enter password

  8. Click Create.

    Click the Create button to import the certificate.
    Click Create button

  9. Finished!

    The certificate and private key are now imported into Key Vault and are available for use.
    Certificate in key vault’s EV Code Signing certificates help protect your code from unauthorized tampering and compromise with the highest level of validation, and are available for as little as $249 per year. You can also use your EV Code Signing certificate at scale in the cloud using eSigner. With its automated option, eSigner is suitable for enterprise code signing.


Subscribe To’s Newsletter

Don’t miss new articles and updates from

Stay Informed and Secure is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.