rajanadar / VaultSharp

A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool
http://rajanadar.github.io/VaultSharp
Apache License 2.0

Cert Based authentication getting error as "The credential supplied to the package is not recognized" #305

Closed kirankg15 closed 1 year ago

kirankg15 commented 1 year ago

Describe the bug

Cert based authentication throws the error "The credential supplied to the package is not recognized".

Exception: The SSL connection could not be established. Inner exception: "The credential supplied to the package is not recognized"

I am implementing cert based authentication to fetch a kv secret.

For this I configured all the prerequisites, such as:

I added the pfx file at vault cert and am reading it from there. At the time of authentication I am passing

Here I am fetching the certificate from the store. The Vault client settings got established successfully.

    // clientCertificate is the X509 certificate (with private key) read from the store
    IAuthMethodInfo authMethod = new CertAuthMethodInfo(clientCertificate);

    // Settings are built with VaultClientSettings, then passed to VaultClient
    var vaultClientSettings = new VaultClientSettings("endpoint:8200", authMethod)
    {
        Namespace = VaultNamespace
    };
    IVaultClient vaultClient = new VaultClient(vaultClientSettings);

    // secret path is: test3_secret
    // mountpoint is: kv-secret
    Task.Run(async () =>
    {
        // The named argument on ReadSecretAsync is mountPoint
        secret = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: secretpath, mountPoint: mountpoint);
    }).GetAwaiter().GetResult();

On the execution of ReadSecretAsync I am getting an exception saying "Permission denied".

Is this the correct way to do cert based authentication, or am I missing something? I am wondering a bit because I haven't provided any TLS cert related inputs, such as the name of the cert.

@rajanadar: Please guide me.

Previously the same code was used for app role authentication. It is up and running.

rajanadar commented 1 year ago

hi @kirankg15

That is the right way to do Cert Based Auth. You don't need to provide the name of the cert. You have actually provided the whole Cert with private key link when you do

    IAuthMethodInfo authMethod = new CertAuthMethodInfo(clientCertificate);

And your certificate also has a private key. VaultSharp does a check on it and throws an error if the private key is missing.

The error "The credential supplied to the package is not recognized" happens when the account under which your application is running does not have access to read the private key. So try to give access and let me know.

This issue is outside VaultSharp.
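A preflight check for the cause named in the reply above, as an added example that is not part of this thread or of VaultSharp: it confirms the certificate has a private key and that the account running the process can actually use it, before the certificate is handed to CertAuthMethodInfo. The class name `ClientCertPreflight`, the LocalMachine\My store and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientCertPreflight // hypothetical helper, not part of VaultSharp
{
    // Returns null when the current account can sign with the certificate's
    // private key, otherwise a description of what failed.
    public static string Check(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            return "certificate has no private key attached";
        byte[] probe = Encoding.ASCII.GetBytes("key-access-probe");
        try
        {
            // Signing forces the key to be opened, which is where a missing
            // permission on the key for this account surfaces.
            using (RSA rsa = cert.GetRSAPrivateKey())
                if (rsa != null)
                {
                    rsa.SignData(probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    return null;
                }
            using (ECDsa ecdsa = cert.GetECDsaPrivateKey())
                if (ecdsa != null)
                {
                    ecdsa.SignData(probe, HashAlgorithmName.SHA256);
                    return null;
                }
            return "private key is neither RSA nor ECDSA";
        }
        catch (CryptographicException ex)
        {
            return $"account '{Environment.UserName}' cannot use the private key: {ex.Message}";
        }
    }
    static void Main()
    {
        const string thumbprint = "<CLIENT-CERT-THUMBPRINT>"; // placeholder
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine)) // assumed store
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            Console.WriteLine(found.Count == 0 ? "certificate not found"
                : Check(found[0]) ?? "private key is usable by this account");
        }
    }
}
```

Run it under the same account as the application (service account or app pool identity), since the result depends on who is asking for the key.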