Description
Hi,
When generating a certificate signed by an unknown CA, I am hitting the error "(BadParameter) ASN1 bad tag value met" when trying to merge the certificate back at the end.
My certificate is in PEM format; it looks a bit like this:
-----BEGIN CERTIFICATE-----
MIIC1zCCAb8CCQDr9JUJilWejDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
...snip...
l5nLmYRSHKC6obU=
-----END CERTIFICATE-----
I'm giving it a bit of sanitization using the following:
cert1 = cert.split('-----\n')
cert2 = cert1[1].split('\n-----')
cert3 = cert2[0].split('\n')
cert4 = ''.join(cert3)
certlist = []
certlist.append(cert4.encode())
Out the end of this my certlist looks a bit like this:
[b'MIIC1zCCAb8CCQDr9JUJilWe......snip.....YRSHKC6obU=']
The reason I have gone for this is in the code: https://github.com/Azure/azure-sdk-for-python/blob/master/azure-keyvault/azure/keyvault/key_vault_client.py
The type of x509_certificates is list[bytearray]. However, when I fire this at my keyvault using:
key_vault_client.merge_certificate(KEY_VAULT_URI, certname, certlist)
I get this back:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.6/site-packages/azure/keyvault/key_vault_client.py", line 3823, in merge_certificate
raise models.KeyVaultErrorException(self._deserialize, response)
azure.keyvault.models.key_vault_error.KeyVaultErrorException: (BadParameter) ASN1 bad tag value met. (Exception from HRESULT: 0x8009310B)
I have tried to submit the merge via the portal and all is ok, after trying via the Python SDK. And I think that the list of bytearray above is correct, as if I try to submit a certificate for another csr/key I get an expected:
(BadParameter) Public key from x509 certificate and key of this instance doesn't match
I haven't had much joy on Google or Stack Overflow; everything about "ASN1 bad tag value met" seems to be quite old and about certificates in IIS.
Please let me know if you need any further information.
Thanks
Daniel
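An added example, not part of the original post and not SDK code: a PEM body is base64 text of the DER certificate, and DER X.509 starts with the SEQUENCE tag 0x30 (which is why PEM bodies begin with "MII"). The sketch below decodes PEM to DER and checks the ASN.1 header, next to the post's sanitization, which keeps the base64 text. It assumes the `list[bytearray]` parameter is meant to carry raw DER bytes; the helper names and the sample certificate are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der starts with a SEQUENCE tag whose length covers the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_der_list(pem: str) -> list:
    """Decode every CERTIFICATE block in pem to raw DER bytes."""
    ders = []
    for body in PEM_BLOCK.findall(pem):
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der_length_ok(der):
            raise ValueError("decoded block is not a DER SEQUENCE")
        ders.append(bytearray(der))
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders

def sample_pem() -> str:
    # Constructed placeholder: a 260-byte DER SEQUENCE of zeros, not a real certificate.
    der = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

def post_style_list(pem: str) -> list:
    # The sanitization from the post: base64 text encoded to bytes, never decoded.
    body = pem.split('-----\n')[1].split('\n-----')[0]
    return ["".join(body.split('\n')).encode()]

if __name__ == "__main__":
    pem = sample_pem()
    print(hex(pem_to_der_list(pem)[0][0]))   # first byte after decoding
    print(hex(post_style_list(pem)[0][0]))   # first byte of the base64 text
```

Running `der_length_ok` on the value you are about to pass to `merge_certificate` is a quick local check that it is DER rather than base64 text.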