0

I have uploaded a .pfx certificate in Azure key vault and trying to use that to send a request to an API

I am reading the certificate and secret with the following code

credential = DefaultAzureCredential()

certificate_client = CertificateClient(
    vault_url="https://something.vault.azure.net/", credential=credential
)

certificate = certificate_client.get_certificate("aemocert")

secret_client = SecretClient(
    vault_url="https://something.vault.azure.net/", credential=credential
)
secret = secret_client.get_secret(certificate.name)

now I have to convert the data received into a certificate so I Can use it in the following request

url= "https://myurl"
headers = {"X-id": "dsd"}
data = {"test":"test"}

requests.request(
    "POST",
    "url = url,
    headers=headers,
    data=data,
    cert=**cert**,
    timeout=10,
)

I have tried following code

base64_bytes = secret.value.encode("ascii")
message_bytes = base64.b64decode(base64_bytes)
cert = x509.load_der_x509_certificate(message_bytes)

but get this error

Exception: ValueError: error parsing asn1 value: ParseError { kind: UnexpectedTag { actual: Tag { value: 2, constructed: false, class: Universal } }, location: ["Certificate::tbs_cert"] }

If I use following code

cert = crypto.load_pkcs12(base64.b64decode(secret.value))

I get error

Exception: TypeError: 'PKCS12' object is not subscriptable

Harshitha
  • 3,784
  • 2
  • 4
  • 9
Ali
  • 1,015
  • 14
  • 40
  • It appears you're using pyOpenSSL though you don't say so. https://stackoverflow.com/questions/49163100/p12-cert-authenticate-python and https://stackoverflow.com/questions/6345786/python-reading-a-pkcs12-certificate-with-pyopenssl-crypto show ways to use load_pkcs12, but since it is deprecated the latter also shows how to use pyca/cryptography instead. Alternatively https://pypi.org/project/requests-pkcs12/ adapts requests to handle this for you. – dave_thompson_085 Aug 25 '23 at 03:32
  • those solution works If you have certificate file on your file system, I have a byte array of the certificate and don't want to create a temp cert file and then delete it later. – Ali Aug 25 '23 at 05:02
  • @Ali could you please let me know which type of certificate you are using? `PFX/PEM/DER`? – Sampath Aug 26 '23 at 12:56
  • I have .pem and a.key file and I have generated a .pdf with a password, the above code uses a .pfx with password. – Ali Aug 26 '23 at 23:53

0 Answers0