Check if Azure Key Vault certificate uses exportable private keys

Is there a way to check if the certificate generated/provisioned in Azure Key Vault uses exportable private keys? Great question! The short answer is yes because that is the default setting. You may be wondering, that is great, but how can I double-check? Glad you asked!

When creating a new certificate in Azure Key Vault, we have the Advanced Policy Configuration (Item 1). Click on it.

On the new blade, we have several options for the cert that we are about to generate, and one of them is the Exportable Private Key. (Item 2), as you can see, it is enabled by default.

Azure Key Vault

An important note from the field, there is a sort of glitch on this blade. If you click OK, the status will not change from Not Configured. If you change any configuration on the blade and return to the original value, the status of Item 1 will change to Configured.

Just keep that in mind that by not doing anything, we are already creating a new cert. We will be using the default values listed in the image above.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top