Follow the installer doc https://github.com/openshift/installer/blob/main/docs/dev/azure/azure_client_certs_auth.md to generate pkcs12 file with password, populate related information to osServicePrincipal.json, including clientCertificate and clientCertificatePassword, use this SP to create cluster, got below error in .openshift-install.log
---------------
time="2026-01-05T05:23:30Z" level=debug msg="E0105 05:23:30.349453   20667 setup.go:117] \"failed to initialize clients\" err=\"error while fetching default global credential: unable to get client certificate credential: failed to parse certificate for '4b747ce4-f72c-41ad-a87e-b3a577e07110': pkcs12: error reading P12 data: asn1: structure error: tags don't match (16 vs {class:0 tag:13 length:45 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} pfxPdu @2\""
time="2026-01-05T05:23:30Z" level=debug msg="Collecting applied cluster api manifests..."
time="2026-01-05T05:23:30Z" level=error msg="failed to fetch Cluster: failed to generate asset \"Cluster\": failed to create cluster: failed to run cluster api system: failed to run controller \"azureaso infrastructure provider\": failed to start controller \"azureaso infrastructure provider\": timeout waiting for process cluster-api-provider-azureaso to start successfully (it may have failed to start, or stopped unexpectedly before becoming ready)" 

    4.21 nightly build

    Always

    1. Create SP with certificates
    2. Generate pkc12 files with private key and certificates
    3. Configure osServicePrincipal.json
    4. Use this auth file to create cluster     

    Installation failed

    Installation succeeded

Related PR https://github.com/openshift/installer/pull/10019