hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Attach a public CA/root certificate at azurerm_api_management fails #15600

Open droessler-robotron opened 2 years ago

droessler-robotron commented 2 years ago

I'd like to add a CA (intermediate) or root certificate to an API Management resource. The cert files are in *.cer format.

I cannot upload cer files to key vault certificates, so both files are kept as "secrets" inside the key vault.

Applying this results in the following error:

Error: creating/updating Api Management: (Service Name "***" / Resource Group "***"): apimanagement.ServiceClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidParameters" Message="Invalid parameter: The certificate's data file format associated with Intermediates must be a Base64-encoded .pfx file"

How can I get it to work?

TF configuration part:

#------------------------------------------------------------------------------
# API-Management
#------------------------------------------------------------------------------

resource "azurerm_api_management" "apimanagement" {
  name                = var.apim_service_name
  location            = var.location
  resource_group_name = var.resource_group_name_apim
  publisher_name      = var.publisher_name
  publisher_email     = var.publisher_email
  sku_name            = var.sku_name_apim

  virtual_network_type = "Internal"

  virtual_network_configuration {
    subnet_id = data.azurerm_subnet.subnet_apim.id
  }

  identity {
    type = "SystemAssigned, UserAssigned"
    identity_ids = [
      azurerm_user_assigned_identity.apimangement.id
    ]
  }

  policy {
    xml_content = data.local_file.cors.content
  }

  certificate {
    encoded_certificate = data.azurerm_key_vault_secret.root.value
    store_name          = "Root"
  }

  certificate {
    encoded_certificate = data.azurerm_key_vault_secret.intermediate.value
    store_name          = "CertificateAuthority"
  }

  lifecycle {
    ignore_changes = [tags]
  }
}

SPALLADI commented 1 year ago

Any update on this issue? We are also facing the same issue.

hareeshdsinfo1 commented 1 year ago

Any update on this issue? I am having the same issue on this.

RockyMM commented 7 months ago

To anyone still reading, you need to encode your certificate in PKCS12 format.
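
Following the last comment's advice, one way to turn a `.cer` file into the Base64-encoded PKCS#12 value the error message asks for, using the OpenSSL CLI. This is an added example, not part of the issue thread or the provider's code; the file names, certificate subject and password are constructed, and that API Management accepts a PFX without a private key is assumed from the thread, not verified here.

```shell
#!/bin/sh
# Added example (not from the issue thread). File names, the CN and the
# password are constructed for illustration.
set -eu

# cer_to_pem IN OUT: normalise a .cer file (PEM or DER encoded) to PEM.
cer_to_pem() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
    openssl x509 -in "$1" -out "$2"
  else
    openssl x509 -inform DER -in "$1" -out "$2"
  fi
}

# cer_to_pfx_b64 IN PASSWORD: print, on one line, the Base64 of a PKCS#12
# file that holds only the certificate. -nokeys is required because a public
# CA certificate comes without a private key.
cer_to_pfx_b64() (
  tmp=$(mktemp -d)
  trap 'rm -rf "$tmp"' EXIT
  cer_to_pem "$1" "$tmp/ca.pem"
  openssl pkcs12 -export -nokeys -in "$tmp/ca.pem" -out "$tmp/ca.pfx" \
    -passout "pass:$2"
  openssl base64 -A -in "$tmp/ca.pfx"
)

# pfx_b64_subject B64 PASSWORD: decode the value and print the subject of the
# certificate inside, as a check before the value is handed to Terraform.
pfx_b64_subject() {
  printf '%s' "$1" | openssl base64 -d -A |
    openssl pkcs12 -nokeys -passin "pass:$2" 2>/dev/null |
    openssl x509 -noout -subject
}

# make_sample_cer OUT: create a throwaway self-signed CA certificate (PEM).
make_sample_cer() (
  key=$(mktemp)
  trap 'rm -f "$key"' EXIT
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$1" \
    -subj '/CN=Constructed Example Root CA' -days 1 2>/dev/null
)

# Demo: convert the sample and show which certificate the result contains.
demo_dir=$(mktemp -d)
make_sample_cer "$demo_dir/root.cer"
demo_b64=$(cer_to_pfx_b64 "$demo_dir/root.cer" 'example-password')
pfx_b64_subject "$demo_b64" 'example-password'
rm -rf "$demo_dir"
```

The printed Base64 string is what would be stored in the Key Vault secret read by `encoded_certificate`, with the same password supplied through the `certificate` block's `certificate_password` argument.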