Can not activate a Managed HSM

Cao Trong Thang 66 Reputation points
2020-11-02T09:17:05.88+00:00

Hi, I tried to follow the quickstart to create and activate a managed HSM: https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/quick-create-cli
Unfortunately, the download security domain command failed, which prevents me from activating my newly created HSM :(

After generating 3 key-pairs, I have:

VERBOSE: Building your Azure drive ...
PS /home/phan> dir
Directory: /home/phan
Mode LastWriteTime Length Name

l---- 11/2/2020 7:56 AM clouddrive -> /usr/csuser/clouddrive
----- 11/2/2020 8:20 AM 1415 cert_0.cer
----- 11/2/2020 8:20 AM 1704 cert_0.key
----- 11/2/2020 8:22 AM 1415 cert_1.cer
----- 11/2/2020 8:22 AM 1704 cert_1.key
----- 11/2/2020 8:23 AM 1415 cert_2.cer
----- 11/2/2020 8:23 AM 1704 cert_2.key

Then I used the "az keyvault security-domain download" command to activate the HSM and got the error: "'Response' object has no attribute 'status'"

PS /home/phan> az keyvault security-domain download --hsm-name CttTestHSM --sd-wrapping-keys ./cert_0.cer ./cert_1.cer ./cert_2.cer --sd-quorum 2 --security-domain-file CttTestHSM-SD.json
Argument '--hsm-name' is in preview. It may be changed/removed in a future release.
Command group 'keyvault security-domain' is in preview. It may be changed/removed in a future release.
'Response' object has no attribute 'status'

Did anyone else get the same problem, and how do I deal with this error?

Thanks,
CTT

Azure Key Vault

Accepted answer
  1. JamesTran-MSFT 36,631 Reputation points Microsoft Employee
    2020-11-03T22:10:14.083+00:00

    @Cao Trong Thang
    Thank you for the quick follow up! Are you able to try running this command on AzCLI on your Desktop? If you need to download the latest version you can do so here.

    I copied and pasted all my certs (from CloudShell) to my C: drive in the "certs" folder and successfully ran the command:
    [Image: 37229-image.png]

    You can download the certs from CloudShell by opening CloudShell and selecting the Editor -> Select the certificates/keys:
    [Image: 37253-image.png]

    Copy all of the certificate data -> Paste it into a text editor -> give the file the same name as on CloudShell (i.e. "cert_0.cer") -> save it in a "certs" folder:
    [Image: 37242-image.png]

    Optionally, you can re-run the "openssl" commands on your desktop to recreate these certificates.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
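
As an added example (not part of the answer above, and not Microsoft's code): shell functions for the optional step of recreating the wrapping key pairs with openssl on the desktop, plus a check that each certificate still parses and matches its private key before it is passed to `--sd-wrapping-keys`, which catches a paste from the CloudShell editor that dropped or altered a line. The function names, the `-subj` value, the 2048-bit RSA / 365-day settings and the `chmod` are assumptions.

```shell
#!/bin/sh
# Added example: wrapping-key helper for `az keyvault security-domain download`.

# Create $2 self-signed RSA pairs cert_<i>.cer / cert_<i>.key in directory $1.
# Refuses to overwrite an existing key: a security domain that was already
# downloaded can only be decrypted with the private keys it was wrapped to.
gen_wrapping_keys() {
  out=$1; count=$2; i=0
  mkdir -p "$out" || return 1
  while [ "$i" -lt "$count" ]; do
    [ ! -e "$out/cert_$i.key" ] || { echo "exists: $out/cert_$i.key" >&2; return 1; }
    # -subj (hypothetical CN) avoids the interactive prompts; 2048-bit/365 days assumed.
    openssl req -newkey rsa:2048 -nodes -x509 -days 365 -subj "/CN=sd-wrapping-$i" \
      -keyout "$out/cert_$i.key" -out "$out/cert_$i.cer" 2>/dev/null || return 1
    chmod 600 "$out/cert_$i.key"
    i=$((i + 1))
  done
}

# Succeed only if the certificate parses and carries the key's public half.
check_pair() {
  c_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c_pub" ] && [ "$c_pub" = "$k_pub" ]
}

# Check every cert_*.cer in directory $1; return the number of bad pairs.
check_all() {
  bad=0
  for cert in "$1"/cert_*.cer; do
    [ -e "$cert" ] || { echo "no cert_*.cer in $1" >&2; return 1; }
    if check_pair "$cert" "${cert%.cer}.key"; then
      echo "ok   $cert"
    else
      echo "FAIL $cert (unparseable, or does not match ${cert%.cer}.key)"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Stand-alone use: sh check_certs.sh ./certs   (validates a copied "certs" folder)
if [ -n "${1:-}" ]; then check_all "$1"; fi
```

Only the `.cer` files are given to the `az` command; the `.key` files stay on the machines of the people who hold them.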
