Merge pull request Azure#10018 from juntakata/patch-1

wyunchi-ms · web-flow · commit 41f9a847d289 · 2019-10-22T13:05:42.000+08:00
Add how to get cert and save it as pfx
diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultCertificate.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultCertificate.md
@@ -94,16 +94,33 @@ Certificate : [Subject]
               [Thumbprint] 
                 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
+KeyId       : https://contoso.vault.azure.net:443/keys/TestCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+SecretId    : https://contoso.vault.azure.net:443/secrets/TestCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 Thumbprint  : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 Tags        : 
 Enabled     : True
 Created     : 2/8/2016 11:21:45 PM
 Updated     : 2/8/2016 11:21:45 PM
 ```
 
-This command gets the certificate named TestCert01 from the key vault named ContosoKV01.
+### Example 2: Get cert and save it as pfx
+This command gets the certificate named TestCert01 from the key vault named ContosoKV01. To download the certificate as pfx file, run following command. These commands access SecretId and then save the content as a pfx file.
 
-### Example 2: Get all the certificates that have been deleted but not purged for this key vault.
+```powershell
+$cert = Get-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "TestCert01"
+$secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $cert.SecretId
+
+$secretByte = [Convert]::FromBase64String($secret.SecretValueText)
+$x509Cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
+$x509Cert.Import($secretByte, "", "Exportable,PersistKeySet")
+$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
+$pfxFileByte = $x509Cert.Export($type, $password)
+
+# Write to a file
+[System.IO.File]::WriteAllBytes("KeyValt.pfx", $pfxFileByte)
+```
+
+### Example 3: Get all the certificates that have been deleted but not purged for this key vault.
 ```powershell
 PS C:\> Get-AzKeyVaultCertificate -VaultName 'contoso' -InRemovedState
 
@@ -135,7 +152,7 @@ Id                 : https://contoso.vault.azure.net:443/certificates/test2
 
 This command gets all the certificates that have been previously deleted, but not purged, in the key vault named Contoso.
 
-### Example 3: Gets the certificate MyCert that has been deleted but not purged for this key vault.
+### Example 4: Gets the certificate MyCert that has been deleted but not purged for this key vault.
 ```powershell
 PS C:\> Get-AzKeyVaultCertificate -VaultName 'contoso' -Name 'test1' -InRemovedState
 
@@ -178,7 +195,7 @@ Id                 : https://contoso.vault.azure.net:443/certificates/test1/7fe4
 This command gets the certificate named 'MyCert' that has been previously deleted, but not purged, in the key vault named Contoso.
 This command will return metadata such as the deletion date, and the scheduled purging date of this deleted certificate.
 
-### Example 4: List certificates using filtering
+### Example 5: List certificates using filtering
 ```powershell
 PS C:\> Get-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "test*"
 
