I just figured out that the order in the P12 is important. If the leaf certificate is first in the P12, it's not an issue. When the chain is first, it runs into the error.
PROBLEM SUMMARY
When a p12 file used for certificate-based authentication contains a chain, vcert cannot authenticate.
STEPS TO REPRODUCE
Create a p12 with a chain, enable certificate-based authentication, grant permissions for the account, and grant API access.
EXPECTED RESULTS
vcert should be able to authenticate.
ACTUAL RESULTS
The authentication fails; vcert isn't able to extract the right certificate.
2024-09-19T07:13:34.954+0200 INFO vcert/playbook.go:179 attempting to enable certificate authentication to TPP
2024-09-19T07:13:34.974+0200 ERROR vcert/playbook.go:129 tls config error {"error": "failed reading PEM data to build X.509 certificate: tls: private key does not match public key"}
main.doRunPlaybook
/vcert/cmd/vcert/playbook.go:129
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(*App).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
/vcert/cmd/vcert/main.go:159
runtime.main
/usr/local/go/src/runtime/proc.go:267
ENVIRONMENT DETAILS
Ran on Windows.
COMMENTS/WORKAROUNDS
TPP can provision p12 files, including the chain.
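Added example, not code from vcert or from the reporter: Go's crypto/tls returns "tls: private key does not match public key" when the first certificate handed to `tls.X509KeyPair` does not belong to the key, so the sketch below reproduces the logged error with a chain-first bundle and then loads it again after moving the matching certificate to the front. The function names, the throwaway self-signed Ed25519 certificates and the PEM bundle standing in for the decoded P12 contents are assumptions; how vcert itself decodes the P12 is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// leafFirst moves the certificate that matches keyPEM to the front of a PEM bundle.
func leafFirst(bundle, keyPEM []byte) ([]byte, error) {
	var skipped []byte
	for b, tail := pem.Decode(bundle); b != nil; b, tail = pem.Decode(tail) {
		one := pem.EncodeToMemory(b)
		if _, err := tls.X509KeyPair(one, keyPEM); err == nil {
			return append(append(one, skipped...), tail...), nil
		}
		skipped = append(skipped, one...)
	}
	return nil, fmt.Errorf("no certificate in the bundle matches the private key")
}

// sample builds constructed data: an issuer stand-in ahead of the leaf, plus the leaf's key.
func sample() (bundle, keyPEM []byte) {
	for _, cn := range []string{"constructed issuer", "constructed leaf"} {
		t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
		pub, key, e1 := ed25519.GenerateKey(rand.Reader)
		der, e2 := x509.CreateCertificate(rand.Reader, t, t, pub, key)
		kder, e3 := x509.MarshalPKCS8PrivateKey(key)
		if e1 != nil || e2 != nil || e3 != nil {
			panic("could not build the constructed sample")
		}
		bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
		keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder}) // ends as the leaf's key
	}
	return bundle, keyPEM
}

func main() {
	bundle, key := sample()
	_, before := tls.X509KeyPair(bundle, key)
	fixed, _ := leafFirst(bundle, key)
	_, after := tls.X509KeyPair(fixed, key)
	fmt.Println("as stored:", before, "| leaf first:", after)
}
```

Because the match is decided by `tls.X509KeyPair` itself, the same reordering works for RSA and ECDSA keys; certificates other than the leaf keep their relative order.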