Open anttikes opened 5 months ago
Thank you for opening this issue, we will look into it.
Using base64 decode against the data returned in "publicCertData" verifies the problematic behavior:
echo "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" | base64 -d -
The result is:
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Describe the bug
After creating a new private key and self-signed certificate with OpenSSL 3.1.4 and then attempting to upload the PEM format certificate file to a VPN Gateway instance with Az Cli, the end result is that Az Cli takes the specified file (which contains e.g. the "--- BEGIN ---" and "--- END ---" parts), encodes the entire file with base64, and puts the result into the root certificate "Public certificate data" field.
As expected, any connection attempt with a certificate that's now signed with the private key will fail.
Related command
First issue the command
this generates a self-signed certificate and a private key. Then issue the command
to upload the certificate to Azure.
Errors
The command does not return an error message.
Issue script & Debug output
Expected behavior
Az Cli should read the file, and understand that it is a PEM file format, and thus it should just remove the "--- BEGIN ---" and "--- END ---" sections, and upload the content in the middle as-is, without doing any kind of encoding or transformations.
Environment Summary
azure-cli 2.61.0
core 2.61.0
telemetry 1.1.0
Extensions:
azure-iot 0.23.1
Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users*****.azure\cliextensions'
Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 21:52:07) [MSC v.1937 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response
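The handling requested under "Expected behavior", together with a check for the double-encoded value described in the report, as an added example that is not part of the original issue and is not Azure CLI code. All function names are hypothetical, and the sample bytes are constructed stand-ins for DER data, not a real certificate.

```python
import base64
import binascii
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def pem_to_public_cert_data(pem_text):
    """Strip the PEM armor and return the base64 body on one line."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    body = "".join(match.group(1).split())   # drop line breaks and spaces
    der = base64.b64decode(body, validate=True)
    if not der.startswith(b"\x30"):          # DER certificates start with SEQUENCE
        raise ValueError("PEM body does not decode to DER")
    return body

def reported_encoding(pem_text):
    """Behaviour described in the issue: base64 over the whole PEM file."""
    return base64.b64encode(pem_text.encode("ascii")).decode("ascii")

def is_double_encoded(public_cert_data):
    """True when a stored value decodes to PEM text instead of DER bytes."""
    try:
        decoded = base64.b64decode("".join(public_cert_data.split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    return decoded.lstrip().startswith(b"-----BEGIN CERTIFICATE-----")

def repair(public_cert_data):
    """Return the bare PEM body, undoing the extra encoding if present."""
    if is_double_encoded(public_cert_data):
        pem_text = base64.b64decode("".join(public_cert_data.split())).decode("ascii")
        return pem_to_public_cert_data(pem_text)
    return public_cert_data

# Constructed sample: 100 bytes beginning with the ASN.1 SEQUENCE tag.
# It stands in for DER data and is not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(range(96))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    stored = reported_encoding(SAMPLE_PEM)
    print("double encoded:", is_double_encoded(stored))
    print("repaired matches PEM body:", repair(stored) == SAMPLE_B64)
```

Running `is_double_encoded` over the "publicCertData" value of an existing root certificate entry shows whether it was stored in the form described in this issue.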