search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.97k stars 2.95k forks source link

Issues while Verifying the Certificate - Azure CLI and PowerShell #5376

Open gpadbidri opened 6 years ago

gpadbidri commented 6 years ago

Hi,

O.S Details : Windows 10 azure-cli : (2.0.25) Extensions: azure-cli-iot-ext (0.4.0) PowerShell Version : 5.1

I am facing an issue when I try to verify my certificate with the generated code from Azure Portal. Below is the logged error :

raise models.ErrorDetailsException(self._deserialize, response) azure.mgmt.iothub.models.error_details.ErrorDetailsException: Proof-Of-Possession failed. Issuer certificate 'CN=Azure IoT New Root CA Gauri New1' cannot be found in the certificate chain. If you contact a support representative please include this correlation identifier: db9cd4a3-9e94-4c4b-8ee0-5f6965d39349, timestamp: 2018-01-23 11:19:29Z, errorcode: IH400053.

Following is what I did : Ref article : MSDN Created a Root Certificate via PowerShell Scripts in the above article. Created Intermediate Certificates i.e. Chain Of Trust via PowerShell Uploaded Root Certificate to IoT Hub via via PowerShell and also tried with Azure CLI Generated Verification Code via PowerShell and also via Azure CLI Created the Verification Certificate "VerifyCert4.cer" using the Generated Verification Code via PowerShell

Result : The above mentioned error when I run via CLI. image

Environment summary

Install Method (e.g. pip, interactive script, apt-get, Docker, MSI, edge build) / CLI version (az --version) / OS version / Shell Type (e.g. bash, cmd.exe, Bash on Windows)

gpadbidri commented 6 years ago

I have even tried with this option using PowerShell. But nothing seems to work as expected.

tjprescott commented 6 years ago

@digimaun for comment

digimaun commented 6 years ago

Hi @gpadbidri, I just tried going through the reference you linked for Bash. It was working as expected.

The error is indicating your Root CA is missing from the verification cert. The verification cert needs to be signed by the root CA and contain the verification key given to you in the subject.

You can look at how certGen.sh was implemented to get an idea how to do this with openssl (or the equivalent Powershell code and dependencies).

gpadbidri commented 6 years ago

Any updates on this one ? Cannot proceed with the Certificate Verification. I have mirrored every step in the MSDN article for creating and verifying Self Signed Certificates, but no luck.

digimaun commented 6 years ago

@gpadbidri , it is unlikely you are having an issue with Azure CLI. Azure CLI is not doing the cert verification. It is passing the verification cert you provide to Azure and returning the result. Possibly the MSDN article has an issue or a step in it may be misunderstood.

Are you able to try the C SDK resource you linked using the bash option to validate it working?