brent-robinson / posh-acme-azure-example

Example using the Posh-ACME PowerShell module to orchestrate TLS certificate issuance using ACME in Azure with Azure DevOps
https://medium.com/@brentrobinson5/automating-certificate-management-with-azure-and-lets-encrypt-fee6729e2b78
MIT License

The certificate data cannot be read with the provided password, the password may be incorrect #1

Closed rnkhouse closed 3 years ago

rnkhouse commented 3 years ago

I am getting the below error in the import certificate stage:

    New-Object: /home/vsts/work/1/s/Import-AcmeCertificateToKeyVault.ps1:35
    Line |
      35 |  … rtificate = New-Object -TypeName System.Security.Cryptography.X509Cer …
         |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         | Exception calling ".ctor" with "3" argument(s): "The
         | certificate data cannot be read with the provided password,
         | the password may be incorrect."
    ##[error]PowerShell exited with code '1'.
    ##[error]PowerShell wrote one or more lines to the standard error stream.

Previously, it was working fine.

zerocaps commented 3 years ago

It's a change in v4 of Posh-ACME, discussed here: https://github.com/rmbolger/Posh-ACME/issues/302

I used this to resolve it:

    $pfxPassSecure = ConvertTo-SecureString -String (Get-PAOrder $certificateName.Replace('!', '*')).PfxPass -AsPlainText -Force
    $certificate = Get-PfxCertificate -FilePath $pfxFilePath -Password $pfxPassSecure

rnkhouse commented 3 years ago

@zerocaps yes. I realized that afterward. I fixed it using the below code:

    $PfxPassB64U = -join($orderData.PfxPassB64U, "", "=");
    $PfxPass = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($PfxPassB64U));

And use $PfxPass instead of $orderData.PfxPass
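
Added example, not part of the thread or of the repository's script: a general base64url decoder for the `PfxPassB64U` value, going beyond the single appended `=` above by handling every padding length and the URL-safe `-` and `_` characters. The function name `ConvertFrom-Base64Url` is hypothetical and the sample strings are constructed; `$orderData` and `$pfxFilePath` are the names used in the comments above.

```powershell
# Hypothetical helper (name is not part of Posh-ACME): decode unpadded base64url text.
function ConvertFrom-Base64Url {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$Value
    )

    # base64url swaps '+' and '/' for '-' and '_'; map them back first.
    $b64 = $Value.Replace('-', '+').Replace('_', '/')

    # base64url drops '=' padding; restore it from the length.
    # A remainder of 1 cannot come from any valid encoding.
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw "Invalid base64url length: $($b64.Length)" }
    }

    [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b64))
}

# Constructed sample values (not real order data), one per padding case.
$samples = [ordered]@{
    'cGFzcw'   = 'pass'     # needs '=='
    'cGFzczE'  = 'pass1'    # needs '=' (the only case a fixed '=' suffix handles)
    'cGFzczEy' = 'pass12'   # needs no padding
    'Pz8-Pz8_' = '??>???'   # contains the URL-safe characters '-' and '_'
}
foreach ($entry in $samples.GetEnumerator()) {
    $decoded = ConvertFrom-Base64Url -Value $entry.Key
    if ($decoded -cne $entry.Value) { throw "Decode mismatch for '$($entry.Key)'" }
}

# Usage with the names from the thread ($orderData, $pfxFilePath), left commented out
# because it needs a real order. Keep the decoded value out of pipeline logs.
# $pfxPassSecure = ConvertTo-SecureString -String (ConvertFrom-Base64Url $orderData.PfxPassB64U) -AsPlainText -Force
# $certificate   = Get-PfxCertificate -FilePath $pfxFilePath -Password $pfxPassSecure
```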

MattWhite-personal commented 3 years ago

@zerocaps / @rnkhouse can you share the updated script that you are running? I just noticed my script is failing and am looking for the logic in the fix for Azure DevOps.