Azure / azure-sdk-for-java

This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
MIT License

Intermediate certificate not loaded from the keyvault using JCA in tomcat #41906

Open wddwagner opened 2 days ago

wddwagner commented 2 days ago

I've followed the steps from "Use Azure Key Vault to deliver TLS/SSL certificates to Apache Tomcat".

My Tomcat is running on an Ubuntu pod (mcr.microsoft.com/openjdk/jdk:11-ubuntu) in Azure Kubernetes Service with an Azure Application Gateway. I am using this to achieve end-to-end encryption. Azure Application Gateway complains that there is no intermediate certificate. However, the intermediate certificate was combined in the certificate that is in my Key Vault. I am using a CA certificate from Comodo.

I am not sure if this is an issue with the JCA or an Azure Key Vault issue. If I load the same pfx that I used in the Key Vault into a Java Key Store instead and use that in Tomcat, then the Application Gateway does not complain.

github-actions[bot] commented 2 days ago

@moarychan @netyyyy @rujche @saragluna

github-actions[bot] commented 2 days ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

rujche commented 1 day ago

Hi, @wddwagner

Thanks for reaching out. It's a known issue, and it has already been fixed in https://github.com/Azure/azure-sdk-for-java/pull/41303. Please wait for the next release. It's planned to be released next month.

Of course, you can build a jar from the main branch yourself if you want to use it before it's released.
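
One way to check the comparison described in this issue, as an added example that is not part of the thread or the SDK: list the certificate chain a `KeyStore` holds for each private-key entry and flag entries that contain only the leaf or a misordered chain. The class name `ChainCheck` and its command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not SDK code.
// Usage: java ChainCheck.java <file.pfx> <password>
public class ChainCheck {

    // Prints the chain stored with each private-key entry; returns how many
    // entries could not supply an intermediate to a TLS peer.
    static int report(KeyStore ks) throws Exception {
        int flagged = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries are not served as a chain
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            int n = (chain == null) ? 0 : chain.length;
            System.out.printf("alias=%s chainLength=%d%n", alias, n);
            boolean ok = n > 0;
            for (int i = 0; i < n; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                System.out.printf("  [%d] subject=%s%n      issuer=%s%n",
                        i, c.getSubjectX500Principal(), c.getIssuerX500Principal());
                // Each certificate must be issued by the next one in the array.
                if (i + 1 < n) {
                    X509Certificate next = (X509Certificate) chain[i + 1];
                    ok &= c.getIssuerX500Principal().equals(next.getSubjectX500Principal());
                }
            }
            // A lone leaf that is not self-issued means the intermediate is absent.
            if (n == 1) {
                X509Certificate leaf = (X509Certificate) chain[0];
                ok = leaf.getIssuerX500Principal().equals(leaf.getSubjectX500Principal());
            }
            if (!ok) {
                flagged++;
                System.out.println("  -> incomplete or misordered chain");
            }
        }
        return flagged;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        System.exit(report(ks) == 0 ? 0 : 1);
    }
}
```

Run it against the pfx that was uploaded to Key Vault to confirm the intermediate is in the file; `report` accepts any `KeyStore`, so the same check can be applied to the keystore Tomcat actually loads.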