Azure / azure-cli

Azure Command-Line Interface

Az login with service principal does not work using SNI cert, not sending certificate chain #29386

Open grgarcia-ms opened 1 month ago

grgarcia-ms commented 1 month ago

Describe the bug

When downloading the cert from KV as in the instructions here, logging in DOES NOT WORK if the cert relies on a signed cert. It DOES work with the SDK packages, with the same cert; somewhere in az cli the certificate CHAIN does not seem to be sent the way the SDK sends it (send_certificate_chain=True). https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-3#work-with-azure-key-vault

Related command

az login --service-principal -u "" -p cert.pem --tenant ""

Errors

AADSTS700030: Invalid certificate - subject name in certificate is not authorized. SubjectNames/SubjectAlternativeNames (up to 10) in token certificate are: ameroot. Trace ID: 3a06737e-f940-45f3-96a2-0cd091da5100 Correlation ID: a957054b-bbc5-403b-ac43-fa5fb4ae041e Timestamp: 2024-07-15 16:48:58Z

Issue script & Debug output

az keyvault secret download --file /path/to/cert.pfx \
    --vault-name VaultName \
    --name CertName \
    --encoding base64
openssl pkcs12 -in cert.pfx -passin pass: -passout pass: -out cert.pem -nodes
az login --service-principal -u "" -p cert.pem --tenant ""

Expected behavior

login should work

Environment Summary

azure-cli 2.39.0 *

core 2.39.0 telemetry 1.0.6

Extensions: ml 0.0.125556467 providerhub 0.2.0

Dependencies: msal 1.18.0b1 azure-mgmt-resource 21.1.0b1

Additional context

This is very urgent as teams move to use certs instead of passwords; please prioritize if possible.

azure-client-tools-bot-prd[bot] commented 1 month ago

Hi @grgarcia-ms,

2.39.0 is not the latest Azure CLI (2.62.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

yonzhan commented 1 month ago

Thank you for opening this issue, we will look into it.

grgarcia-ms commented 1 month ago

We are hoping this can be resolved by az cli adding support for a send_certificate_chain=True equivalent option. Please provide a way to unblock our teams; we need a way of signing in using an SNI CERT with az cli for some of our jobs running.
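An added example (not part of this issue or of the azure-cli code) of what the requested send_certificate_chain=True behaviour means on the wire: the client-assertion JWT carries the whole chain in an x5c header instead of only the x5t thumbprint, which is what lets Entra ID validate a Subject Name + Issuer (SNI) certificate. The certificate bytes below are constructed placeholders, and the credential-dict shape follows MSAL Python's documented client_credential dict.

```python
import base64
import hashlib
import re

# Constructed stand-ins for DER-encoded certificates; NOT real X.509 bytes,
# they only let the PEM handling and header construction run offline.
LEAF_DER = b"constructed-leaf-certificate-der"
CA_DER = b"constructed-issuing-ca-certificate-der"
LEAF_B64 = base64.b64encode(LEAF_DER).decode()
CA_B64 = base64.b64encode(CA_DER).decode()

# Same layout as the cert.pem written by `openssl pkcs12 ... -nodes` above.
SAMPLE_PEM = (
    f"-----BEGIN CERTIFICATE-----\n{LEAF_B64}\n-----END CERTIFICATE-----\n"
    f"-----BEGIN CERTIFICATE-----\n{CA_B64}\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nconstructed-key-body\n-----END PRIVATE KEY-----\n"
)

PEM_BLOCK = re.compile(r"-----BEGIN (?P<label>[A-Z ]+)-----\s*(?P<body>.*?)\s*-----END (?P=label)-----", re.S)

def split_pem(pem_text):
    """Return (certificate DER bytes in file order, private-key PEM block or None)."""
    certs, key = [], None
    for m in PEM_BLOCK.finditer(pem_text):
        if m.group("label") == "CERTIFICATE":
            certs.append(base64.b64decode("".join(m.group("body").split())))
        elif m.group("label").endswith("PRIVATE KEY"):
            key = m.group(0)
    return certs, key

def x5t(der):
    """JWT 'x5t' header: base64url SHA-1 of the leaf DER, padding stripped."""
    return base64.urlsafe_b64encode(hashlib.sha1(der).digest()).rstrip(b"=").decode()

def assertion_header(certs_der, send_chain):
    """Client-assertion JWT header for Entra ID. Thumbprint only: Entra must hold this
    exact cert; with 'x5c' (leaf first, then chain) it can validate by Subject Name + Issuer."""
    header = {"alg": "RS256", "typ": "JWT", "x5t": x5t(certs_der[0])}
    if send_chain:
        header["x5c"] = [base64.b64encode(c).decode() for c in certs_der]
    return header

def msal_client_credential(pem_text, send_chain=True):
    """client_credential dict for msal.ConfidentialClientApplication; 'public_certificate' makes MSAL emit 'x5c'."""
    certs, key = split_pem(pem_text)
    cred = {"private_key": key, "thumbprint": hashlib.sha1(certs[0]).hexdigest()}
    if send_chain:
        cred["public_certificate"] = "\n".join(
            m.group(0) for m in PEM_BLOCK.finditer(pem_text) if m.group("label") == "CERTIFICATE")
    return cred
```

The AADSTS700030 error above is the thumbprint-only path failing: Entra sees a certificate it does not hold and cannot fall back to chain validation because no x5c was presented.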