Getting CERTIFICATE_VERIFY_FAILED error when trying to run az cloud register with ASDK from Ubuntu machine

Michael Clagett 211 Reputation points
2024-09-30T23:11:44.0266667+00:00

I have obviously not installed the certificate correctly. I did set things up correctly on a Windows machine with the following steps:

  1. Export Self-Signed Certificate from Azure Stack SDK machine
  2. Convert exported .cer certificate to .pem certificate on client
  3. Connect to ASDK machine with vpn (can run adminportal and portal from client)
  4. Install Azure CLI on client
  5. Add certificate to Python certificate store with the script from "Setting up certificates for Azure CLI on Azure Stack Hub or Azure Stack Development Kit" page. I had to modify the script to use a different constructor for the System.Security.Cryptography.X509Certificates.X509Certificate2 object that takes the .pem file as a parameter because the import call was not working. I have viewed the modified cacert.pem file and see that the self-signed root certificate is there.
  6. Az cloud register worked successfully at this point on the Windows client

Now, I am trying to do the same with Ubuntu 24.02 running under WSL on the same machine.

Steps 1 and 2 are the same (in fact I just used the files that were created when setting this up for Windows)

For Steps 3 and 4 I know that the host machine's VPN connection and the Azure CLI are working because I am able to curl to the admin portal and am able to issue other az commands successfully (like, for example, az cloud list).

For Step 5 I installed PowerShell and ran the same script as I ran with Windows (using, of course, the Ubuntu location for the Python cert store). I have examined the modified store here as well and see that the self-signed root certificate has been added.

But on Ubuntu I get a CERTIFICATE_VERIFY_FAILED error when I try to register the AzureStackUser and AzureStackAdmin clouds. If anyone has any insight on this, I would be most appreciative.

Azure Stack Hub

1 answer

  1. anashetty 500 Reputation points Microsoft Vendor
    2024-10-01T08:26:50.16+00:00

    Hi Michael Clagett,

    Based on the error details you shared, I have shared troubleshooting steps that I felt will help resolve the issue you reported.

    Make sure that the self-signed certificate is recognized not just by Python but also by your WSL system itself. Here's how to install the certificate in WSL:

    Copy the .pem certificate file to the system's trusted certificate directory:

        # update-ca-certificates only picks up files whose names end in .crt
        sudo cp /path/to/certificate.pem /usr/local/share/ca-certificates/certificate.crt

    Update the certificates so that WSL trusts your self-signed certificate:

        sudo update-ca-certificates

    After doing this, try running your Azure CLI command again.

    The Python certificate store might not yet recognize your self-signed certificate. Check it once.
    To find where Python stores its certificates:

        python3 -m certifi

    Edit the cacert.pem file by appending the content of your .pem certificate:

        sudo nano /path/to/cacert.pem

    Copy and paste the certificate content into this file, save it, restart your terminal and re-run the az cloud register command.

    Test the certificate with OpenSSL:

        openssl s_client -connect <your-endpoint>:443 -CAfile /path/to/certificate.pem

    This will help verify whether the certificate is recognized by your system.

    If you still find any difficulties, please let me know; I would like to work more closely on this issue.

    Thank you.
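
Added example, not part of the original question or answer: instead of inspecting cacert.pem by eye, this script compares the decoded certificate bytes of the exported root against each CA bundle the running Python interpreter may consult. The list of bundles (the REQUESTS_CA_BUNDLE and SSL_CERT_FILE variables, certifi, and the Ubuntu system bundle) is an assumption about what is relevant here, and the function names are hypothetical.

```python
import base64
import os
import re
import sys

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(text):
    """DER bytes of every PEM block; CRLF and line-wrap differences are ignored."""
    return [base64.b64decode("".join(body.split())) for body in PEM_BLOCK.findall(text)]

def bundle_trusts(bundle_text, root_text):
    """True if every certificate in root_text also appears in bundle_text."""
    roots = pem_to_der(root_text)
    if not roots:  # e.g. the exported .cer was never converted from DER to PEM
        raise ValueError("no PEM certificate block found in root file")
    have = set(pem_to_der(bundle_text))
    return all(der in have for der in roots)

def candidate_bundles(environ=None):
    """CA bundle paths this interpreter's TLS clients may read (assumed list)."""
    environ = os.environ if environ is None else environ
    paths = [environ[v] for v in ("REQUESTS_CA_BUNDLE", "SSL_CERT_FILE") if environ.get(v)]
    try:
        import certifi  # same lookup as `python3 -m certifi`
        paths.append(certifi.where())
    except ImportError:
        pass
    paths.append("/etc/ssl/certs/ca-certificates.crt")  # written by update-ca-certificates
    return paths

def report(root_path):
    """Map each candidate bundle to True/False (root present?) or None (unreadable)."""
    with open(root_path, encoding="latin-1") as fh:  # latin-1 never fails on DER input
        root_text = fh.read()
    result = {}
    for path in candidate_bundles():
        try:
            with open(path, encoding="latin-1") as fh:
                result[path] = bundle_trusts(fh.read(), root_text)
        except OSError:
            result[path] = None
    return result

if __name__ == "__main__" and len(sys.argv) == 2:
    for path, present in report(sys.argv[1]).items():
        print(f"{present!s:5}  {path}")
```

`az --version` prints the Python location the CLI runs on; run the script with that interpreter and the root .pem as its argument so that certifi reports the CLI's own bundle rather than the system Python's.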

