wap cmdlets - add-certificate error

I'm doing something wrong when trying to upload a certificate to Azure using the WAPPA command, add-certificate.

This is what I'm running in PowerShell:

    add-certificate -ServiceName myService -CertificateToDeploy ".\mycert.cer" -SubscriptionId 1234c88c-xxxx-xxxx-ad88-888c6ec5fc4a -Certificate (get-item cert:\CurrentUser\My\0E5A777B38724D85F415E011192D2EF888888884)

And this is the error that keeps coming up.

    Add-Certificate : The index value is not valid.
    At line:1 char:16
    + add-certificate << ...(removed repeat of command)...
        + CategoryInfo : CloseError: (:) [Add-Certificate], CryptographicException
        + FullyQualifiedErrorId : Microsoft.Samples.AzureManagementTools.PowerShell.Certificates.AddCertificateCommand

We're sure the serviceName and subscriptionId are correct and looking at all the examples we can find it looks like the other parameters are correct as well...but clearly one (or both) of them is not. We just cannot see why.

Any suggestions greatly appreciated :-)


The Add-Certificate command is meant to upload a certificate (typically with a private key) to a hosted service. IIRC, it will attempt to wrap the .cer file with a .pfx wrapper and upload that with a simple password. It does this because the portal used to require passwords with certificates (it assumed people only uploaded certs with private keys). Something in that code path might be wrong based on the cryptographic exception. I wish there was more of a stack trace to see.

If you upload a pfx (with exportable key), does that work? Is it just an issue because of the .cer file and lack of password?

Another thought: the -ServiceName parameter might be case sensitive as it resolves to a DNS name (servicename.cloudapp.net). Can you make sure that you are using all lowercase?

Edit: another thought - try importing the .cer into your system and using the get-item cert: format to refer to it again. Looking at the code, I am not totally sure that it will work correctly with a file path specified when it is not a pfx. I am guessing that importing a .cer file with a blank password might fail. That is only by running the code I see through my internal (mind) debugger:

    private byte[] GetCertificateData()
    {
        var cert = new X509Certificate2();
        byte[] certData = null;

        if (((this.CertificateToDeploy is PSObject) && ((PSObject)this.CertificateToDeploy).ImmediateBaseObject is X509Certificate) ||
            (this.CertificateToDeploy is X509Certificate))
        {
            cert = ((PSObject)this.CertificateToDeploy).ImmediateBaseObject as X509Certificate2;

            try
            {
                certData = cert.HasPrivateKey ? cert.Export(X509ContentType.Pfx) : cert.Export(X509ContentType.Pkcs12);
            }
            catch (CryptographicException)
            {
                certData = cert.HasPrivateKey ? cert.RawData : cert.Export(X509ContentType.Pkcs12);
            }
        }
        else
        {
            cert.Import(this.ResolvePath(this.CertificateToDeploy.ToString()), this.Password, X509KeyStorageFlags.Exportable);
            certData = cert.HasPrivateKey ? cert.Export(X509ContentType.Pfx, this.Password) : cert.Export(X509ContentType.Pkcs12);
        }

        return certData;
    }
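
The questions raised in the answer above (is the file a public-only .cer or a .pfx, and is the private key exportable) can be checked locally before calling the cmdlet. The following is an added example, not part of the original answer or of the cmdlet's source; the function name `Get-CertUploadReadiness` and the paths in the usage comments are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: inspect a certificate before upload. Not taken from the cmdlet's code.
function Get-CertUploadReadiness {
    param(
        [Parameter(Mandatory = $true)] [string] $Source,   # file path (.cer/.pfx) or cert:\ store path
        [System.Security.SecureString] $Password           # only needed for a password-protected .pfx
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'

    if ($Source -like 'cert:*') {
        # Store reference, the same form the question passes to -Certificate
        $cert = Get-Item -LiteralPath $Source
    } else {
        # File on disk: load with the Exportable flag, as the quoted GetCertificateData() does
        $path  = (Resolve-Path -LiteralPath $Source).ProviderPath
        $flags = [Enum]::Parse([Type]"$x509.X509KeyStorageFlags", 'Exportable')
        $ctorArgs = if ($Password) { $path, $Password, $flags } else { $path, '', $flags }
        $cert = New-Object "$x509.X509Certificate2" -ArgumentList $ctorArgs
    }

    # Probe whether a PFX export would succeed; the exported bytes are discarded.
    $exportable = $false
    if ($cert.HasPrivateKey) {
        try {
            $pfxType = [Enum]::Parse([Type]"$x509.X509ContentType", 'Pfx')
            [void] $cert.Export($pfxType, 'probe-only')
            $exportable = $true
        } catch [System.Security.Cryptography.CryptographicException] {
            # Key is present but marked non-exportable (or held by a provider that refuses export)
        }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        KeyExportable = $exportable
        Verdict       = $(if (-not $cert.HasPrivateKey) { 'public certificate only (.cer)' }
                          elseif ($exportable)          { 'can be exported as .pfx' }
                          else                          { 'private key present but not exportable' })
    }
}

# Usage (placeholder paths):
#   Get-CertUploadReadiness -Source '.\mycert.cer'
#   Get-CertUploadReadiness -Source 'cert:\CurrentUser\My\<THUMBPRINT>'
```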