Azure Management Libraries, Rejected Certificate

Question

I'm attempting to use the Azure Management Libraries NuGet package to upgrade a deployment using ComputeManagementClient.UpgradeByNameAsync.

I'm using my certificate's thumbprint to load it from the certificate store and create my credentials, but my request keeps getting rejected with the following message:

The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

I've done everything I can think of to figure it out but nothing is working.

I've quadruple-checked that my thumbprint is correct and that the certificate appears in the management certificates list in azure. Any ideas on where I might be going wrong?

If I'm not mistaken, the certificate on your local machine need to have private key associated with it. That is one common reason I have seen for this error. — Gaurav Mantri, Mar 24 '14 at 04:51

score 1 · Answer 1 · answered Mar 28 '14 at 13:06

public static CertificateCloudCredentials FromPublishSettingsFile(string path, string subscriptionId)
        {
            try
            {
                var profile = XDocument.Load(path);
                var certificate = new X509Certificate2(
                    Convert.FromBase64String(profile.Descendants("PublishProfile").First()
                    .Attribute("ManagementCertificate").Value));
                return new CertificateCloudCredentials(subscriptionId, certificate);
            }
            catch (Exception ex)
            {
                throw ex;
            }
        }

Use this code block to create an object of type CertificateCloudCredentials from Publish Settings file. Once you get the object created successfully, use the below code block to create computeManagementClient.

var computeManagementClient = new ComputeManagementClient(creds);

Though compute management client accepts only SubscriptionCloudCredentials, CertificateCloudCredentials is a compatible one and will be accepted.

Sri Kanth · Answer 2 · 2014-03-24T06:23:20.497

0

Not sure why it isn't working for certificate store but Another way of doing that would be to use the thumbprint that comes with *.publishsettings file for your subscription. You can download this file using https://windows.azure.com/download/publishprofile.aspx

edited Mar 24 '14 at 06:23

answered Mar 24 '14 at 06:15

Sri Kanth

476
2
14

I don't know what happened--but my co-worker did a slight refactoring and started getting a different error. The new error seemed to be a problem with the method we were calling (somewhere down inside). We switched to a new method, so this will probably never be fully resolved. – Anthony Compton Mar 28 '14 at 12:31

score 0 · Answer 3 · answered Apr 24 '14 at 04:36

Sri's answer is relatively right-on. I blogged about using MAML with publish settings files in a much more long-winded manner than Sri provides above, with some sample code if you want to try the solution out with your own publish settings files.

You will need to install the cert into your local machine before you can use it (based on my experience). Have you thought about switching to use the TokenCloudCredential, which would allow you to glue up MAML to AAD using the ADAL NuGet package? That might help you mitigate issues related to certs.

Azure Management Libraries, Rejected Certificate

3 Answers3