netwrix / pingcastle

PingCastle - Get Active Directory Security at 80% in 20% of the time
https://www.pingcastle.com

Getting error while running audit on azure ad #238

Closed prashantvidja closed 3 months ago

prashantvidja commented 4 months ago

Hi,

I am getting the below exception while running this on my Azure instance.

```powershell
.\PingCastle.exe --azuread --clientid redacted --tenantid redacted --p12-file redacted --p12-pass redacted --log
```

Here I have added the trace log:

```
After parsing arguments
Things to do
OK
Before loading p12 .\prashant.pfx
[New run]2024-07-10 22:32:31Z PingCastle version 3.2.0.1
Running on dotnet:4.0.30319.42000
Starting Analyze at:7/10/2024 10:32:31 PM
[10:32:31 PM] Starting
[10:32:31 PM] Authenticate
GetToken with Certificate
Invalid algorithm specified.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
   at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
   at PingCastle.Cloud.Tokens.TokenFactory.BuildJwtAssertion[T](CertificateCredential credential) in c:\git\PingCastle\Cloud\Tokens\TokenFactory.cs:line 165
   at PingCastle.Cloud.Tokens.TokenFactory.d1b`1.MoveNext() in c:\git\PingCastle\Cloud\Tokens\TokenFactory.cs:line 106
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at PingCastle.Cloud.Tokens.TokenFactory.d01.MoveNext() in c:\git\PingCastle\Cloud\Tokens\TokenFactory.cs:line 47
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at PingCastle.Cloud.Credentials.CertificateCredential.<GetToken>d__11.MoveNext() in c:\git\PingCastle\Cloud\Credentials\CertificateCredential.cs:line 96
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at PingCastle.Cloud.Analyzer.Analyzer.d__4.MoveNext() in c:\git\PingCastle\Cloud\Analyzer\Analyzer.cs:line 55
[Red][10:32:31 PM] An exception occured when doing the task: Analyze
[Red]Note: you can run the program with the switch --log to get more detail
An exception occured when doing the task: Analyze
[Red]Exception: Invalid algorithm specified.
```

Thanks

JoeDibley commented 3 months ago

Hi there, I just ran into this issue myself

The issue stems from not providing the specific provider that PingCastle uses when generating the certificate. For self-signed certificates there are two options:

  1. Use the PowerShell script located in the cloud folder called CreateSecureAppCert.ps1 to create a certificate for your environment.
  2. You can likely just add -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" to the command you used to generate the initial certificate.

I am going to close this for now as I am sure this should resolve your issue, but don't hesitate to reach out or reply if you need further help. Cheers, Joe
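Joe's second option, worked through as an added example. This is my script, not PingCastle's `CreateSecureAppCert.ps1` and not code from the thread; it assumes Windows PowerShell 5.1 on the machine that will run PingCastle, and the subject name, file names, validity period and the `'probe'` bytes are illustrative. The point it adds is the check: the stack trace above ends in `RSACryptoServiceProvider.SignHash`, i.e. a CryptoAPI CSP being asked to sign a SHA-256 hash for the RS256 JWT assertion. Legacy PROV_RSA_FULL providers such as "Microsoft Strong Cryptographic Provider" only sign SHA-1 through CryptoAPI and return NTE_BAD_ALGID, which .NET surfaces as "Invalid algorithm specified." The script generates the key under the PROV_RSA_AES provider Joe names, verifies which CSP actually backs it, and performs the same SHA-256 CryptoAPI signature PingCastle does, so a bad key fails here instead of at `--azuread` time.

```powershell
# Added example (not part of the PingCastle project): create a self-signed
# certificate whose private key lives in a SHA-2 capable CryptoAPI CSP,
# verify the provider, prove it can sign SHA-256, then export .cer and .pfx.
# Assumes Windows PowerShell 5.1 (.NET Framework). Names below are illustrative.

$subject  = 'CN=PingCastle AzureAD audit'            # assumption
$pfxPath  = Join-Path $PWD 'pingcastle-azure.pfx'    # what --p12-file will load
$cerPath  = Join-Path $PWD 'pingcastle-azure.cer'    # public part for the app registration
$provider = 'Microsoft Enhanced RSA and AES Cryptographic Provider'   # PROV_RSA_AES

# -Provider is the parameter that matters. Without it the key may land in a
# legacy PROV_RSA_FULL CSP, which cannot sign SHA-256 via CryptoAPI.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature `
    -KeyExportPolicy Exportable `
    -Provider $provider `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -NotAfter (Get-Date).AddYears(1)

# Check which CSP really backs the key. For a CSP key, X509Certificate2.PrivateKey
# is an RSACryptoServiceProvider and CspKeyContainerInfo names the provider.
$rsa = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider]
if (-not $rsa) {
    throw "Private key is not a CryptoAPI (CSP) key; PingCastle's RSACryptoServiceProvider path will not use it."
}
$keyInfo = $rsa.CspKeyContainerInfo
if ($keyInfo.ProviderName -ne $provider) {
    throw "Key is in '$($keyInfo.ProviderName)' (type $($keyInfo.ProviderType)), expected '$provider'."
}
"Thumbprint : $($cert.Thumbprint)"
"Provider   : $($keyInfo.ProviderName) (type $($keyInfo.ProviderType))"

# Reproduce PingCastle's failing call: a SHA-256 signature through CryptoAPI.
# On a PROV_RSA_FULL key this throws "Invalid algorithm specified."
try {
    $sig = $rsa.SignData([Text.Encoding]::UTF8.GetBytes('probe'), 'SHA256')
    "SHA-256 signature OK ($($sig.Length) bytes); this key will work for --azuread"
}
catch {
    throw "SHA-256 signing failed ($($_.Exception.Message)); do not export this key, regenerate with -Provider."
}

# Export. Upload the .cer under the app registration's "Certificates & secrets";
# pass the .pfx and its password to --p12-file / --p12-pass.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
$pfxPassword = Read-Host -AsSecureString 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null
"Wrote $cerPath and $pfxPath"
```

If you already have a certificate that fails, the same provider check tells you why: open it from `Cert:\CurrentUser\My\<thumbprint>` and inspect `PrivateKey.CspKeyContainerInfo.ProviderName`, or run `certutil -user -store My <thumbprint>` and look at the `Provider =` line. A key in a PROV_RSA_FULL CSP cannot be "moved" to PROV_RSA_AES; regenerate it and re-upload the new `.cer` to the app registration.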