Secrets have an identifier URL with the format https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>. For example https://vk-test-keyvault.vault.azure.net/secrets/yourdomain-cloudapp-net/595b30046acb48e024a4fc2dbd1b7561
Azure has now introduced the concept of Certificates in Key Vault. You can upload PFX files directly to the Key Vault without the pain of converting them to a JSON object.
Certificates have an identifier URL with the format https://<vaultEndpoint>/certificates/<secretName>/<secretVersion>. For example https://vk-test-keyvault.vault.azure.net/certificates/yourdomain-cloudapp-net/a86437e4906343c3a9ff48b4af7ffdbf
But you cannot refer to those certificate identifier URLs in ARM templates directly. For example, if you refer to the certificate identifier URL as follows
You will get the following error.
These certificates cannot be refered in ARM templates with their identifier URL. For every certficate that is uploaded, Key Vault also assigns a SecretId. You can list that by using the powershell cmdlet Get-AzureKeyVaultCertificate
You can refer to the certificate using the SecretId URL.