Azure / azure-cli

Azure Command-Line Interface
MIT License

How to generate cert for test use #20632

Open xiaolang124 opened 2 years ago

xiaolang124 commented 2 years ago

version { "azure-cli": "2.31.0", "azure-cli-core": "2.31.0", "azure-cli-telemetry": "1.0.6" }

Describe the bug

I followed the doc https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal to generate a certificate for a service principal. I can only export cer and pfx from certmgr, and I uploaded the cer to the service principal. Because az-cli does not support using a pfx to log in as a service principal, I used openssl pkcs12 -in 2.pfx -out 3.pem -nodes to convert the pfx to pem. But when I log in using this pem, I get the error below.

AADSTS7000215: Invalid client secret is provided. Trace ID: f0ac8dc9-8841-4a44-a9a3-2882efa90600 Correlation ID: 31d07a43-b82b-4f49-a2ef-e05245d1dc68

Do you have any idea how to generate a certificate for self test?

jiasli commented 2 years ago

I followed your steps but couldn't reproduce this issue.

Could you share the command you used? Most likely the certificate PEM file path provided to the --password parameter is incorrect and az login treated it as a client secret instead.

It should be something like

az login --service-principal --username d0e3a385-0435-4e2d-bc8b-8298daa7e115 --password C:\users\myname\Desktop\34.pem --tenant 54826b22-38d6-4fb2-bad9-b7b93a3e9c5a

jiasli commented 2 years ago

As discussed offline, the root cause is that you used --password ~\Desktop\3.pem, but ~ is not recognized by az login. Submitting a PR to fix it.
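
The failure mode identified above, as an added example (not azure-cli's code and not part of the thread): a simplified model in which a --password value that is not an existing file is taken to be a client secret, next to a variant that expands ~ first and a check that the PEM holds both key and certificate. The function names, the throwaway home directory and the placeholder PEM are constructed for illustration.

```python
import os
import tempfile

def classify_literal(password):
    # Simplified model of the behaviour reported in the thread: the value is
    # used as typed, and anything that is not an existing file is a "secret".
    return "certificate" if os.path.isfile(password) else "secret"

def classify_expanded(password):
    # Expand a leading ~ ourselves (the shell did not) before the file check.
    return classify_literal(os.path.expanduser(password))

def pem_problems(path):
    # The PEM from `openssl pkcs12 ... -nodes` should hold key and certificate.
    with open(path, encoding="ascii") as fh:
        text = fh.read()
    problems = []
    if "PRIVATE KEY-----" not in text:
        problems.append("no private key block")
    if "-----BEGIN CERTIFICATE-----" not in text:
        problems.append("no certificate block")
    return problems

def demo():
    # Constructed sample: temporary home directory with a placeholder PEM
    # (dummy base64 body, not real key material).
    home = tempfile.mkdtemp()
    os.makedirs(os.path.join(home, "Desktop"))
    pem = os.path.join(home, "Desktop", "3.pem")
    with open(pem, "w", encoding="ascii") as fh:
        fh.write("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
                 "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
    saved = {k: os.environ.get(k) for k in ("HOME", "USERPROFILE")}
    os.environ["HOME"] = os.environ["USERPROFILE"] = home
    try:
        typed = os.path.join("~", "Desktop", "3.pem")  # ~\Desktop\3.pem in the thread
        return {"literal": classify_literal(typed),
                "expanded": classify_expanded(typed),
                "pem_problems": pem_problems(pem)}
    finally:
        for key, value in saved.items():
            if value is None:
                os.environ.pop(key, None)
            else:
                os.environ[key] = value

if __name__ == "__main__":
    print(demo())
```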

xiaolang124 commented 2 years ago

Thanks for the support.