Greetings,
I am using the Azure Key Vault Secrets Store CSI driver, which places PEM-encoded files (both a combined file with cert+key and separate .crt and .key files; you can use either, and I have tried both).
Before my app starts up, in the container I am invoking `certificate-tool add` and specifying the .crt and .key files. These files are both PEM-encoded, plain-text files with "BEGIN/END" headers and base64-encoded keys.
```
# certificate-tool add -f /mnt/secrets-store/ctsrp-kelon-aad.crt -k /mnt/secrets-store/ctsrp-kelon-aad.key
Installing certificate from '/mnt/secrets-store/ctsrp-kelon-aad.crt' to 'My' certificate store (location: CurrentUser)...
Done.
root@cts-rp-deployment-644c648795-mbxr7:/mnt/secrets-store# certificate-tool list
Certificates stored in 'My' certificate store (location: CurrentUser):
#1:
Subject : CN=redacted
Issuer : CN=redacted
Serial Number : 1601CC4....
Not Before : 08/14/2025 03:09:02
Not After : 02/10/2026 03:09:02
Thumbprint : FF...
Signature Algorithm : sha256RSA (1.2.840.113549.1.1.11)
PublicKey Algorithm : RSA (1.2.840.113549.1.1.1)
Has PrivateKey : No
```
Is there any way to debug why the Private Key is not being added? I want it to be added to the cert store with no password.
As I mentioned, I also tried to import the PEM file which contains both the certs and key, and this did not work either.