“error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure” when generating self signed certificate...












1















We're developing a microservices app on Kubernetes. One of the microservices is IdentityServer instance. Initially, I want to test the solution locally on Docker to make sure it works. For this purpose, I want to copy the certificate to appsettings.json. Eventually this value will be replaced by a Kubernetes secret. In my startup class this is how I'm trying to load my certificate:



services.AddIdentityServer()

     .AddSigningCredential(GetIdentityServerCertificate())

     .AddConfigurationStore(...





    private X509Certificate2 GetIdentityServerCertificate()

    {

        var clientSecret = Configuration["Certificate"];

        var pfxBytes = Convert.FromBase64String(clientSecret);

        var certificate = new X509Certificate2(pfxBytes, "PasswordHere");

        return certificate;

    }


The certificate is generated by me using openssl:



openssl req –newkey rsa:2048 –nodes –keyout XXXXX.key –x509 –days 365 –out XXXXX.cer



openssl pkcs12 –export –in XXXX.cer –inkey XXXX.key –out XXXX.pfx


Then I get the certificate by using:



$pfxFilePath = 'C:XXXX.pfx'

$pwd = 'PasswordHere'

$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection

$collection.Import($pfxFilePath, $pwd, $flag)

$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12

$clearBytes = $collection.Export($pkcs12ContentType)

$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)


I grab the $fileContentEncoded value and paste it into appsettings.json.



When i debug it, the result is: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure when i'm trying to create X509Certificate2 object using the method above.






docker identityserver4 x509certificate x509certificate2







share|improve this question





























    1















    We're developing a microservices app on Kubernetes. One of the microservices is IdentityServer instance. Initially, I want to test the solution locally on Docker to make sure it works. For this purpose, I want to copy the certificate to appsettings.json. Eventually this value will be replaced by a Kubernetes secret. In my startup class this is how I'm trying to load my certificate:



    services.AddIdentityServer()
    
     .AddSigningCredential(GetIdentityServerCertificate())
    
     .AddConfigurationStore(...
    

    

    
    private X509Certificate2 GetIdentityServerCertificate()
    
    {
    
        var clientSecret = Configuration["Certificate"];
    
        var pfxBytes = Convert.FromBase64String(clientSecret);
    
        var certificate = new X509Certificate2(pfxBytes, "PasswordHere");
    
        return certificate;
    
    }


    The certificate is generated by me using openssl:



    openssl req –newkey rsa:2048 –nodes –keyout XXXXX.key –x509 –days 365 –out XXXXX.cer
    

    
openssl pkcs12 –export –in XXXX.cer –inkey XXXX.key –out XXXX.pfx


    Then I get the certificate by using:



    $pfxFilePath = 'C:XXXX.pfx'
    
$pwd = 'PasswordHere'
    
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
    
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    
$collection.Import($pfxFilePath, $pwd, $flag)
    
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
    
$clearBytes = $collection.Export($pkcs12ContentType)
    
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)


    I grab the $fileContentEncoded value and paste it into appsettings.json.



    When i debug it, the result is: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure when i'm trying to create X509Certificate2 object using the method above.






    docker identityserver4 x509certificate x509certificate2







    share|improve this question



























      1












      1








      1








      We're developing a microservices app on Kubernetes. One of the microservices is IdentityServer instance. Initially, I want to test the solution locally on Docker to make sure it works. For this purpose, I want to copy the certificate to appsettings.json. Eventually this value will be replaced by a Kubernetes secret. In my startup class this is how I'm trying to load my certificate:



      services.AddIdentityServer()
      
     .AddSigningCredential(GetIdentityServerCertificate())
      
     .AddConfigurationStore(...
      

      

      
    private X509Certificate2 GetIdentityServerCertificate()
      
    {
      
        var clientSecret = Configuration["Certificate"];
      
        var pfxBytes = Convert.FromBase64String(clientSecret);
      
        var certificate = new X509Certificate2(pfxBytes, "PasswordHere");
      
        return certificate;
      
    }


      The certificate is generated by me using openssl:



      openssl req –newkey rsa:2048 –nodes –keyout XXXXX.key –x509 –days 365 –out XXXXX.cer
      

      
openssl pkcs12 –export –in XXXX.cer –inkey XXXX.key –out XXXX.pfx


      Then I get the certificate by using:



      $pfxFilePath = 'C:XXXX.pfx'
      
$pwd = 'PasswordHere'
      
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
      
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
      
$collection.Import($pfxFilePath, $pwd, $flag)
      
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
      
$clearBytes = $collection.Export($pkcs12ContentType)
      
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)


      I grab the $fileContentEncoded value and paste it into appsettings.json.



      When i debug it, the result is: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure when i'm trying to create X509Certificate2 object using the method above.






      docker identityserver4 x509certificate x509certificate2







      share|improve this question
















      We're developing a microservices app on Kubernetes. One of the microservices is IdentityServer instance. Initially, I want to test the solution locally on Docker to make sure it works. For this purpose, I want to copy the certificate to appsettings.json. Eventually this value will be replaced by a Kubernetes secret. In my startup class this is how I'm trying to load my certificate:



      services.AddIdentityServer()
      
     .AddSigningCredential(GetIdentityServerCertificate())
      
     .AddConfigurationStore(...
      

      

      
    private X509Certificate2 GetIdentityServerCertificate()
      
    {
      
        var clientSecret = Configuration["Certificate"];
      
        var pfxBytes = Convert.FromBase64String(clientSecret);
      
        var certificate = new X509Certificate2(pfxBytes, "PasswordHere");
      
        return certificate;
      
    }


      The certificate is generated by me using openssl:



      openssl req –newkey rsa:2048 –nodes –keyout XXXXX.key –x509 –days 365 –out XXXXX.cer
      

      
openssl pkcs12 –export –in XXXX.cer –inkey XXXX.key –out XXXX.pfx


      Then I get the certificate by using:



      $pfxFilePath = 'C:XXXX.pfx'
      
$pwd = 'PasswordHere'
      
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
      
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
      
$collection.Import($pfxFilePath, $pwd, $flag)
      
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
      
$clearBytes = $collection.Export($pkcs12ContentType)
      
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)


      I grab the $fileContentEncoded value and paste it into appsettings.json.



      When i debug it, the result is: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure when i'm trying to create X509Certificate2 object using the method above.






      docker identityserver4 x509certificate x509certificate2




      docker identityserver4 x509certificate x509certificate2






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 29 '18 at 13:08







      skyrunner

















      asked Nov 28 '18 at 6:22









      skyrunnerskyrunner

      357




      357
























          0






          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53513317%2ferror23076071pkcs12-routinespkcs12-parsemac-verify-failure-when-generating%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53513317%2ferror23076071pkcs12-routinespkcs12-parsemac-verify-failure-when-generating%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Lallio

          Image
          Coordenadas: 45° 40' N 9° 38' E Lallio      Comuna    Lallio Localização de Lallio na Itália Coordenadas 45° 40' N 9° 38' E Região Lombardia Província Bérgamo Área - Total 2 km² Altitude 216 m População  - Total 3 826     • Densidade 1 913 hab./km² Outros dados Comunas limítrofes Bergamo, Dalmine, Stezzano, Treviolo Código ISTAT 016123 Código cadastral E422 Código postal 24040 Prefixo telefônico 035 Website www.comune.lallio.bg.it Lallio é uma comuna italiana da região da Lombardia, província de Bérgamo, com cerca de 3.826 habitantes. Estende-se por uma área de 2 km², tendo uma densidade populacional de 1913 hab/km². Faz fronteira com Bergamo, Dalmine, Stezzano, Treviolo. [ 1 ] [ 2 ] [ 3 ] Demografia | Variação demográfica do município entre 1861 e 2011 [ 3 ] Fonte : Istituto Nazionale di Statistica (ISTAT) - Elabor...
          Read more

          Futebolista

          Image
          Ronaldo primeiro jogador a ser eleito por três vezes o melhor jogador do mundo pela FIFA. Ronaldinho Gaúcho atuando pelo Barcelona onde foi duas vezes eleito o melhor jogador do mundo pela FIFA. Kaká atuando pelo Milan onde foi eleito em 2007 o melhor jogador do mundo pela FIFA. Lothar Matthäus primeiro jogador a ser eleito o melhor jogador do mundo pela FIFA em 1991 pela Inter de Milão. Neymar durante partida contra a Escócia, em 27 de março de 2011. Crianças praticando futebol. Robinho, futebolista brasileiro, em 15 de novembro de 2006. Atletas do Chelsea, da Inglaterra. A venda de camisas com nome e número dos jogadores é uma grande fonte de arrecadação. Jürgen Klinsmann atuou como jogador e foi treinador da Alemanha. Estádio de futebol, principal local onde laboram os jogadores. O jogador de futebol , ou Futebolista , é um atleta profissional de futebol, e cuja prática do desporto coletivo é fundamental. Estes trabalhadores sã...
          Read more

          Jornalista

          Image
          Uma repórter de televisão segurando um microfone na frente de um cinegrafista. Fotojornalistas no Campeonato Mundial de Atletismo 2013 Uma repórter entrevistando Boris Johnson, Prefeito de Londres. Jornalista é o profissional formado em Jornalismo. É a pessoa responsável pela apuração, investigação e apresentação de notícias, reportagens, entrevistas ou distribuição de notícias ou outra informação de interesse coletivo. O trabalho do jornalista é chamado jornalismo. Um jornalista pode trabalhar com questões gerais ou especializar-se em determinadas áreas. No entanto, a maioria dos jornalistas tendem a se especializar, e cooperando com outros jornalistas, produzir publicações que abrangem muitos tópicos. [ 1 ] Por exemplo, um jornalista esportivo cobre notícias dentro do mundo dos esportes, mas este jornalista pode ser uma parte de um jornal que cobre diversos temas. O exercício do Jornalismo é privativo de jornalista. Entre as áreas em que o jornalista trabalha estão o...
          Read more