invalid key with azurerm_key_vault_certificate_data #17752
Comments
@kraduk Have you verified that the downloaded certificate matches what the data source returns? If so, then it indicates the provider is working as expected. Regarding why the key embedded in the certificate is not the one you expected, this sounds related to how you use acmebot-keyvault to generate the kv certificate?
As stated, I download the secret via the following (throw away cert)
I have this same issue. There are two issues that I see.
When I built the environment AppGW required the certificate stored in PKCS12, I need the certificate in other formats as well though. If you could reorder the cert properly and output the key in another format, that would make this very easy.
Can this be updated to bug due to certificate returned in wrong order?
Still no movement on this?
Is there an existing issue for this?
Community Note
Terraform Version
v1.2.4
AzureRM Provider Version
v3.15.0
Affected Resource(s)/Data Source(s)
data.azurerm_key_vault_certificate_data
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
produce a pem format cert file and private key
Actual Behaviour
Looks like it's worked, however the private key errors and says the key doesn't match the cert when trying to import it to a number of things (apache2.4, traefik)
The cert is correct.
If I manually download via the azure portal and decode the pfx to pem format I get a different private key in the resulting file!!! (first block)
eg
openssl pkcs12 -in sample.pfx -out file.pem -nodes
The certs were created by acmebot-keyvault, which uses the kv to generate the key then uses the resulting csr with letsencrypt
Manually downloading the key and cert and using that works, just not when I data it all via terraform
Steps to Reproduce
No response
Important Factoids
acmebot-keyvault cert generation
References
No response
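The mismatch reported in this issue can be narrowed down by checking which certificate in a PEM bundle actually carries the private key's public key, since tools that read only the first certificate will report a mismatch when the bundle is not leaf-first. This is an added example, not code from the issue or the provider: the function names and the throwaway `*.example` certificates are constructed for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example (not from the issue): find which certificate in a PEM bundle
# belongs to a private key, by comparing SubjectPublicKeyInfo values.

# Public key (PEM SPKI) derived from a private key file.
spki_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM SPKI) of the first certificate in a file.
spki_of_cert() {
  openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl pkey -pubin -pubout 2>/dev/null
}

# Split every CERTIFICATE block of bundle $1 into $2/cert-N.pem, in file order.
split_certs() {
  awk -v dir="$2" '
    /^-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; on = 1 }
    on { print > out }
    /^-----END CERTIFICATE-----/   { on = 0; close(out) }' "$1"
}

# Print the 1-based position of the certificate matching key $1 in bundle $2.
# Exit status 1 when the key is unreadable or no certificate matches.
matching_cert_index() {
  want=$(spki_of_key "$1"); [ -n "$want" ] || return 1
  tmp=$(mktemp -d) || return 1
  split_certs "$2" "$tmp"
  i=1; found=1
  while [ -f "$tmp/cert-$i.pem" ]; do
    if [ "$(spki_of_cert "$tmp/cert-$i.pem")" = "$want" ]; then echo "$i"; found=0; break; fi
    i=$((i + 1))
  done
  rm -rf "$tmp"
  return $found
}

# Constructed throwaway material: two self-signed certs, bundled "ca" first.
make_sample() {  # $1 = output directory
  for n in ca leaf; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example" \
      -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
  done
  cat "$1/ca.crt" "$1/leaf.crt" > "$1/bundle.pem"
}
```

A result other than `1` for the leaf key means the bundle is not leaf-first, which is enough for a server that pairs the key with the first certificate to reject it.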