-
Notifications
You must be signed in to change notification settings - Fork 426
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Active Directory (Authentication=ActiveDirectoryServicePrincipalCertificate). Cannot parse the PVK, PVK file does not contain the correct header..does it not support encryped keys? #2530
Comments
hi @muskaan62 I don't see the code you used to connect but the url you included above doesn't look correct. Please see this doc for an example on how to connect using ActiveDirectoryServicePrincipalCertificate authentication mode. |
@lilgreenbird The code
can u please mention whats the wrong in the url if it is trustServerCertificate and encrypt one then keeping both true also give same error...also the attach doc is not showing anything its pointing to github repo only.I am kinda block on this. |
@lilgreenbird I think the bug is in this method https://github.com/microsoft/mssql-jdbc/blob/main/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerCertificateUtils.java#L397 which use to decrypt the encrypted private key . |
I'm sorry it looks like there was a c&p issue the link in my prev post was wrong, I've now fixed it. The example uses SQLServerDataSource but it's the same idea in URL form, you can see in the sample what properties is needed for ActiveDirectoryServicePrincipalCertificate auth. We also have junit test which tests ActiveDirectoryServicePrincipalCertificate fyi. |
@lilgreenbird I am using the correct properties in URL form. And the test you provide is only for testing certificate auth without any password.
|
@lilgreenbird I try to raise the PR for this issue but looks like i dont have perms to create PR. |
hi @muskaan62 Thanks, what errors are you getting whehn you tried to create a PR? this is open source so anyone should be able to create a PR and we've had contributions from various users in the past. You should be able to create a PR here |
@lilgreenbird facing this error I try to fork the repo and raise PR #2532 |
I'm encountering the same issue. Seems currently only encrypted private key in PKCS#1 format is supported by MSSQL JDBC. I tried converting the private key PEM to PKCS#1 format and encrypted it. This worked and might be a workaround for now. openssl rsa -in key.pem -out key-pkcs1.pem -traditional
openssl rsa -in key-pkcs1.pem -out key-pkcs1-encrypted.pem -aes256 -traditional I'm using |
Question
ActiveDirectoryServicePrincipalCertificate Authentication with client certifiicate private key and private key associated with password is not working.
I am trying to connect with azuresql db with the above url using (clientcert,private key,password) for authentication
Note(clientcert with private key is working)
client cert with password also working.
only the above combination is giving the below error..I have verified the private key as well it contains valid header
-----BEGIN ENCRYPTED PRIVATE KEY-----
tested with latest driver also 12.8.0.jre11
Is it a bug in driver?
use below steps to create certificate with private key and privatekey password
Relevant Issues and Pull Requests
The text was updated successfully, but these errors were encountered: