Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
https://support.venafi.com/hc/en-us/articles/217991528
Apache License 2.0

Error 500 returned when requesting EC certificate with Firefly #371

Closed jyppy closed 1 year ago

jyppy commented 1 year ago

PROBLEM SUMMARY

Unable to get an ECC certificate from Firefly using vcert v5.1-rc1

STEPS TO REPRODUCE

Have a working Firefly, valid JWT, and REST endpoint working, use

vcert enroll --platform firefly --token $JWT_THIS --url https://10.11.11.1:8003 \
--verbose --cn vcert01.demo.example --no-prompt --csr service -z 'Demo Policy 1'  \
--trust-bundle ./myff.pem \
--key-type ecdsa

EXPECTED RESULTS

I'd expect a PEM file to be returned.

ACTUAL RESULTS

This is the error returned (Error 500)

Cert: 2023/08/25 12:00:33 Detected trust bundle flag at CLI.
vCert: 2023/08/25 12:00:33 You specified a trust bundle.
2023-08-25T12:00:33.917+1000 INFO firefly/connector.go:99 successfully authenticated {"platform": "FIREFLY"}
vCert: 2023/08/25 12:00:33 Successfully connected to Firefly
vCert: 2023/08/25 12:00:33 Successfully read zone configuration for Demo Policy 1
vCert: 2023/08/25 12:00:33 Successfully created request for vcert01.demo.example
2023-08-25T12:00:33.917+1000 INFO firefly/connector.go:201 requesting certificate {"cn": "vcert01.demo.example", "platform": "FIREFLY"}
2023-08-25T12:00:33.917+1000 INFO firefly/connector.go:232 building certificate request {"platform": "FIREFLY"}
2023-08-25T12:00:33.917+1000 INFO firefly/connector.go:319 successfully built certificate request {"platform": "FIREFLY"}
2023-08-25T12:00:33.917+1000 INFO firefly/connector.go:205 sending HTTP request {"platform": "FIREFLY"}
vCert: 2023/08/25 12:00:33 Got 500 Internal Server Error status for POST https://10.11.11.1:8003/v1/certificaterequest
2023-08-25T12:00:33.927+1000 ERROR firefly/connector.go:215 failed to parse HTTP response {"platform": "FIREFLY", "error": "unexpected status code on Venafi Firefly. Status: 500 Internal Server Error error: failed to issue certificate"}
vCert: 2023/08/25 12:00:33 unexpected status code on Venafi Firefly. Status: 500 Internal Server Error error: failed to issue certificate

ENVIRONMENT DETAILS

MacOS M1
Build: Venafi Certificate Utility Version: v5.1.0-rc1 Build Timestamp: 20230822.184047

COMMENTS/WORKAROUNDS

Changing the key type to RSA => no errors.

vcert enroll --platform firefly --token $JWT_THIS --url https://10.11.11.1:8003 \
--verbose --cn vcert01.demo.example --no-prompt --csr service -z 'Demo Policy 1' \
--trust-bundle ./myff.pem \
--key-type rsa

returns the certificate as expected:

vCert: 2023/08/25 12:09:33 Detected trust bundle flag at CLI.
vCert: 2023/08/25 12:09:33 You specified a trust bundle.
2023-08-25T12:09:33.538+1000 INFO firefly/connector.go:99 successfully authenticated {"platform": "FIREFLY"}
vCert: 2023/08/25 12:09:33 Successfully connected to Firefly
vCert: 2023/08/25 12:09:33 Successfully read zone configuration for Demo Policy 1
vCert: 2023/08/25 12:09:33 Successfully created request for vcert01.demo.example
2023-08-25T12:09:33.538+1000 INFO firefly/connector.go:201 requesting certificate {"cn": "vcert01.demo.example", "platform": "FIREFLY"}
2023-08-25T12:09:33.538+1000 INFO firefly/connector.go:232 building certificate request {"platform": "FIREFLY"}
2023-08-25T12:09:33.538+1000 INFO firefly/connector.go:319 successfully built certificate request {"platform": "FIREFLY"}
2023-08-25T12:09:33.538+1000 INFO firefly/connector.go:205 sending HTTP request {"platform": "FIREFLY"}
vCert: 2023/08/25 12:09:33 Got 200 OK status for POST https://10.11.11.1:8003/v1/certificaterequest
2023-08-25T12:09:33.679+1000 INFO firefly/connector.go:227 successfully requested certificate {"platform": "FIREFLY"}
vCert: 2023/08/25 12:09:33 Successfully requested certificate for vcert01.demo.example
-----BEGIN CERTIFICATE-----
MIICUzCCAfmgAwIBAgIQLP+RZ8hHDWldAmm4AQXFuzAKBggqhkjOPQQDAjAVMRMw
EQYDVQQDEwpNeSBGaXJlZmx5MB4XDTIzMDgyNTAyMDkzM1oXDTIzMDkwMTAyMDkz
M1owHzEdMBsGA1UEAxMUdmNlcnQwMS5kZW1vLmV4YW1wbGUwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDHblPsW2/ZUjHSDms0wM7SSqhQxbQ4c+MSn6pW

marcos-albornoz commented 1 year ago

The bug was that the default --key-size was not working properly for Firefly. The issue is already fixed in vcert v5.1-rc1.
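The maintainer's reply points at the root cause: a default `--key-size` that only makes sense for RSA was being applied to an ECDSA request. The following standalone Go program is an added example (not vcert's own code, and it uses none of the vcert SDK) showing the check a client should make before generating the key for `--csr service`: resolve the key type plus an optional size into either an RSA modulus length or a named curve, refuse sizes that do not name a curve for ECDSA, build the CSR with the standard library, and then parse the CSR back to confirm which key algorithm it actually carries. The 2048-bit RSA default, the P-256 fallback for ECDSA, and the function names are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
)

// KeyType mirrors the two values of vcert's --key-type flag used in the issue.
type KeyType string

const (
	KeyTypeRSA   KeyType = "rsa"
	KeyTypeECDSA KeyType = "ecdsa"
)

// ResolveKeyParams maps a key type and an optional size (0 = flag not given)
// to the parameter that actually applies: an RSA modulus length in bits, or
// an elliptic curve. For ECDSA the size may only select a curve; an RSA-style
// value such as 2048 is rejected here instead of being forwarded to the CA.
// The 2048-bit RSA default and the P-256 ECDSA default are assumptions.
func ResolveKeyParams(kt KeyType, size int) (rsaBits int, curve elliptic.Curve, err error) {
	switch kt {
	case KeyTypeRSA:
		if size == 0 {
			size = 2048 // assumed default for the example
		}
		if size < 2048 {
			return 0, nil, fmt.Errorf("rsa key size %d is below the 2048-bit minimum", size)
		}
		return size, nil, nil
	case KeyTypeECDSA:
		switch size {
		case 0, 256:
			return 0, elliptic.P256(), nil
		case 384:
			return 0, elliptic.P384(), nil
		case 521:
			return 0, elliptic.P521(), nil
		default:
			return 0, nil, fmt.Errorf("ecdsa key size %d does not name a supported curve", size)
		}
	default:
		return 0, nil, fmt.Errorf("unknown key type %q", kt)
	}
}

// GenerateKey creates the private key selected by ResolveKeyParams.
func GenerateKey(kt KeyType, size int) (crypto.Signer, error) {
	bits, curve, err := ResolveKeyParams(kt, size)
	if err != nil {
		return nil, err
	}
	if curve != nil {
		return ecdsa.GenerateKey(curve, rand.Reader)
	}
	return rsa.GenerateKey(rand.Reader, bits)
}

// BuildCSR produces a PEM-encoded PKCS#10 request for cn signed with key,
// i.e. what a client-side "--csr service" flow hands to the issuing service.
func BuildCSR(cn string, key crypto.Signer) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: cn},
		DNSNames: []string{cn},
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// CSRKeyAlgorithm parses a PEM CSR, verifies its self-signature and reports
// the public key algorithm, so a caller can confirm that --key-type ecdsa
// really produced an EC key before sending the request.
func CSRKeyAlgorithm(csrPEM []byte) (x509.PublicKeyAlgorithm, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return x509.UnknownPublicKeyAlgorithm, errors.New("no CERTIFICATE REQUEST block found")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return x509.UnknownPublicKeyAlgorithm, err
	}
	if err := csr.CheckSignature(); err != nil {
		return x509.UnknownPublicKeyAlgorithm, err
	}
	return csr.PublicKeyAlgorithm, nil
}

func main() {
	// Exercise both key types with no explicit --key-size, as in the issue.
	for _, kt := range []KeyType{KeyTypeRSA, KeyTypeECDSA} {
		key, err := GenerateKey(kt, 0)
		if err != nil {
			fmt.Println(kt, "error:", err)
			continue
		}
		csr, err := BuildCSR("vcert01.demo.example", key)
		if err != nil {
			fmt.Println(kt, "error:", err)
			continue
		}
		alg, err := CSRKeyAlgorithm(csr)
		fmt.Printf("%-5s -> %v (err=%v)\n", kt, alg, err)
	}
	// An RSA-style size on an ECDSA request is caught before any network call.
	_, _, err := ResolveKeyParams(KeyTypeECDSA, 2048)
	fmt.Println("ecdsa with size 2048:", err)
}
```

The point of the separation is that the "size" flag means different things for the two algorithms, so the value is validated against the key type first and the CA only ever sees a well-formed CSR; the same parse-back check can be run against the returned certificate to confirm the issued key algorithm matches what was requested.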