Open
Description
opened on Jun 16, 2024
Library name and version
Azure.Security.KeyVault.Certificates 4.6.0; Azure.Core 1.40.0; Azure.Identity 1.11.4
Describe the bug
When using CertificateClient to download certificates with client.DownloadCertificateAsync(certname) for a PEM format cert in Azure Key Vault, I got an exception:
System.Reflection.TargetInvocationException
HResult=0x80131604
Message=Exception has been thrown by the target of an invocation.
Source=System.Private.CoreLib
StackTrace:
at System.Reflection.MethodBaseInvoker.InvokeWithFewArgs(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
at Azure.Core.PemReader.CreateRsaCertificate(Byte[] cer, Byte[] key, X509KeyStorageFlags keyStorageFlags)
at Azure.Core.PemReader.LoadCertificate(ReadOnlySpan`1 data, Byte[] cer, KeyType keyType, Boolean allowCertificateOnly, X509KeyStorageFlags keyStorageFlags)
at Azure.Security.KeyVault.Certificates.CertificateClient.<DownloadCertificateAsync>d__19.MoveNext()
at Azure.Security.KeyVault.Certificates.CertificateClient.<DownloadCertificateAsync>d__18.MoveNext()
..
This exception was originally thrown at this call stack:
[External Code]
Inner Exception 1:
ArgumentException: The provided key does not match the public key for this certificate. (Parameter 'privateKey')
For the cert itself, it is automatically generated by Azure Key Vault.
When generating the cert with PKCS#12, the DownloadCertificate function works correctly.
But when generating with PEM by just changing the content type to PEM as below, the same code failed.
I read the code of DownloadCertificate. It looks like it has specific handling for PEM format already.
Anything wrong here?
Expected behavior
see above description
Actual behavior
see above description
Reproduction Steps
- register a domain in One-Cert system with private AME issuer only
- generate a cert for this domain with PEM format
- do DownloadCertificate func
Environment
No response
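
The inner exception above reports that the private key does not pair with the certificate's public key. As an added diagnostic example (not code from this issue or from the Azure SDK), the following C# checks every CERTIFICATE block of a PEM bundle against the bundle's RSA private key. The class and helper names and the generated sample bundle are constructed for illustration, and it assumes .NET 7 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PemBundleCheck   // hypothetical name, not part of any SDK
{
    // For each CERTIFICATE block in the bundle (in file order), report whether
    // its RSA public key pairs with the bundle's single RSA private key.
    public static List<(string Subject, bool MatchesKey)> Check(string pemBundle)
    {
        using RSA key = RSA.Create();
        key.ImportFromPem(pemBundle);        // picks up the private key, skips CERTIFICATE blocks
        byte[] keySpki = key.ExportSubjectPublicKeyInfo();

        var certs = new X509Certificate2Collection();
        certs.ImportFromPem(pemBundle);      // picks up CERTIFICATE blocks, skips other labels

        var results = new List<(string Subject, bool MatchesKey)>();
        foreach (X509Certificate2 cert in certs)
        {
            using RSA pub = cert.GetRSAPublicKey();   // null for non-RSA certificates
            bool match = pub != null &&
                pub.ExportSubjectPublicKeyInfo().AsSpan().SequenceEqual(keySpki);
            results.Add((cert.Subject, match));
        }
        return results;
    }

    // Builds a short-lived self-signed certificate for the constructed sample.
    static string SelfSignedPem(RSA rsa, string cn)
    {
        var req = new CertificateRequest($"CN={cn}", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        return cert.ExportCertificatePem();
    }

    static void Main()
    {
        // Constructed sample: one private key followed by two certificates,
        // only the second of which was issued for that key.
        using RSA leafKey = RSA.Create(2048);
        using RSA otherKey = RSA.Create(2048);
        string bundle = leafKey.ExportPkcs8PrivateKeyPem() + "\n"
            + SelfSignedPem(otherKey, "constructed-other") + "\n"
            + SelfSignedPem(leafKey, "constructed-leaf") + "\n";
        foreach (var (subject, matches) in Check(bundle))
            Console.WriteLine($"{subject}: {(matches ? "matches" : "does NOT match")} the private key");
    }
}
```

Running `Check` over the PEM text of a downloaded secret shows which certificate in the bundle, if any, belongs to the private key, without writing the key to disk.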