Azure Tip #8 – Fix “Data for certificate is Invalid” error

An backend certificate is required to generate the authentication certificates or trusted root certificates required for allowing backend instances with Application Gateway.

When you are uploading the .CER certificate file for the HTTP Settings in the Application Gateway in Azure , there are times when you will receive the below error “Data for certificate “” is invalid.”

Azure Tip #8 - Fix "Data for certificate is Invalid" error

How to fix the Data for Certificate is Invalid error in Azure Portal when Updating Application Gateway ?

The reason for the error is that the .CER file that you are uploading is not in the format that Azure requires for the authentication certificate.

The authentication certificate is the public key of backend server certificates in Base-64 encoded X.509(.CER) format. Your existing .CER file will be in the PKCS#7 file format and needs to be converted in to PKCS#10 file .

How to Convert PKCS#7 file into a PKCS#10 format ?

  1. Copy and paste the certificate text into a plain text editor such as Notepad. Ensure that you include the header and footer including the dashes —–BEGIN PKCS7—– . Save the file as AzureBackEndCertificate.p7b
  2. Double-click the p7b file that you created now and navigate to the folder that lists the name and location of the file.
  3. Click the Certificates folder and select the certificate with your common name (domain name) and right click and select All Tasks -> Export.
  4. In the Certificate Export Wizard , click next and Select Base-64 encoded X.509 (.CER) and select Next.
  5. Choose a file name and location where the new CER file will be exported to and click Next.
  6. Click Finish to complete the export of the authentication certificate.

Now , its time to upload the exported .CER file (in Base-64 encoded X.509(.CER) format) to your Azure Backend Http Settings and you should now see the certificate getting uploaded successfully.