Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
I just figured out that the order in the P12 is important. If the leaf certificate is first in the P12, it's not an issue. When the chain is first, it runs into the error.
PROBLEM SUMMARY
When a p12 file used for certificate-based authentication contains a chain, vcert cannot authenticate.
STEPS TO REPRODUCE
Create a p12 with a chain, enable certificate-based authentication, grant permissions for the account, and grant API access.
EXPECTED RESULTS
vcert should be able to authenticate.
ACTUAL RESULTS
The authentication fails; vcert isn't able to extract the right certificate.
2024-09-19T07:13:34.954+0200 INFO vcert/playbook.go:179 attempting to enable certificate authentication to TPP
2024-09-19T07:13:34.974+0200 ERROR vcert/playbook.go:129 tls config error {"error": "failed reading PEM data to build X.509 certificate: tls: private key does not match public key"}
main.doRunPlaybook
    /vcert/cmd/vcert/playbook.go:129
github.com/urfave/cli/v2.(Command).Run
    /go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(Command).Run
    /go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(App).RunContext
    /go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(App).Run
    /go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
    /vcert/cmd/vcert/main.go:159
runtime.main
    /usr/local/go/src/runtime/proc.go:267
ENVIRONMENT DETAILS
Ran on Windows.
COMMENTS/WORKAROUNDS
TPP can provision p12 files, including the chain.
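The comment above points at the root cause: the loader takes the first certificate in the bundle as the leaf, so when the issuer chain comes first, the private key is compared against the CA's public key and crypto/tls returns "private key does not match public key". The added example below is not vcert code; it builds a constructed test CA and client leaf in memory, reproduces the error with the chain placed first, and then selects the leaf by matching its public key against the private key so the order inside the bundle no longer matters. The helper names newTestCAAndLeaf, OrderLeafFirst, LoadKeyPair and Demo are assumptions of this example only. It uses PEM rather than PKCS#12 because that needs no module outside the standard library; the ordering logic is the same once the p12 has been decoded into certificates and a key.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// newTestCAAndLeaf builds an in-memory test CA and a client leaf it signs.
// Constructed test material for this example; not vcert's code or data.
func newTestCAAndLeaf() (ca, leaf *x509.Certificate, leafKey *ecdsa.PrivateKey, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	if ca, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, nil, err
	}
	if leafKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "vcert-client"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	leaf, err = x509.ParseCertificate(leafDER)
	return ca, leaf, leafKey, err
}

// OrderLeafFirst returns the bundle with the certificate whose public key
// matches key moved to the front (the order tls.X509KeyPair requires) and the
// remaining certificates kept in their original relative order.
func OrderLeafFirst(certs []*x509.Certificate, key crypto.PrivateKey) ([]*x509.Certificate, error) {
	signer, ok := key.(crypto.Signer)
	if !ok {
		return nil, errors.New("private key does not expose its public key")
	}
	pub, ok := signer.Public().(interface{ Equal(crypto.PublicKey) bool })
	if !ok {
		return nil, errors.New("public key type does not support Equal")
	}
	for i, c := range certs {
		if pub.Equal(c.PublicKey) {
			ordered := make([]*x509.Certificate, 0, len(certs))
			ordered = append(ordered, c)
			ordered = append(ordered, certs[:i]...)
			return append(ordered, certs[i+1:]...), nil
		}
	}
	return nil, errors.New("no certificate in the bundle matches the private key")
}

// LoadKeyPair PEM-encodes the bundle in the given order plus the key and hands
// both to tls.X509KeyPair, which is where the "does not match" error originates.
func LoadKeyPair(certs []*x509.Certificate, key *ecdsa.PrivateKey) (tls.Certificate, error) {
	var certPEM []byte
	for _, c := range certs {
		certPEM = append(certPEM, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.X509KeyPair(certPEM, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}))
}

// Demo loads the bundle chain-first (the failing layout from the report) and
// again after OrderLeafFirst. It returns both load errors and the number of
// certificates in the successfully loaded chain.
func Demo() (chainFirstErr, fixedErr error, fixedLen int, err error) {
	ca, leaf, key, err := newTestCAAndLeaf()
	if err != nil {
		return nil, nil, 0, err
	}
	chainFirst := []*x509.Certificate{ca, leaf} // issuer before leaf
	_, chainFirstErr = LoadKeyPair(chainFirst, key)
	ordered, err := OrderLeafFirst(chainFirst, key)
	if err != nil {
		return chainFirstErr, nil, 0, err
	}
	fixed, fixedErr := LoadKeyPair(ordered, key)
	return chainFirstErr, fixedErr, len(fixed.Certificate), nil
}
```

Running Demo gives a chain-first error containing "tls: private key does not match public key", the string from the report, and a nil error with a two-certificate chain once the leaf is selected by key match. Matching on the public key rather than on position also catches a bundle that contains no certificate for the key at all, which is a better diagnostic than the generic mismatch message.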