After creating a new private key and self-signed certificate with OpenSSL 3.1.4 and then attempting to upload the PEM format certificate file to a VPN Gateway instance with Az Cli the end result is that Az Cli takes the specified file (which contains e.g. the "--- BEGIN ---" and "--- END ---" parts, encodes the entire file with base64, and puts the result into the root certificate "Public certificate data" field.
As expected, any connection attempt with a certificate that's now signed with the private key will fail.
this generates a self-signed certificate and a private key. Then issue the command
to upload the certificate to Azure.
The command does not return an error message.
cli.knack.cli: Command arguments: ['network', 'vnet-gateway', 'root-cert', 'create', '--name', 'MyTestRoot', '--gateway-name', '*****', '--resource-group', '*****', '--public-cert-data', 'vpn-ca-certificate.pem', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x0150E938>, <function OutputProducer.on_global_arguments at 0x01838A28>, <function CLIQuery.on_global_arguments at 0x0185A7F8>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: network 0.299 115 466
cli.azure.cli.core: privatedns 0.017 14 60
cli.azure.cli.core: Total (2) 0.316 129 526
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 128 groups, 526 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : network vnet-gateway root-cert create
cli.azure.cli.core: Command table: network vnet-gateway root-cert create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x03938118>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\*****\.azure\commands\2024-06-07.07-49-26.network_vnet-gateway_root-cert_create.16972.log'.
az_command_data_logger: command args: network vnet-gateway root-cert create --name {} --gateway-name {} --resource-group {} --public-cert-data {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x03947CF8>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x0397B438>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x0397B488>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x01838A78>, <function CLIQuery.handle_query_parameter at 0x0185A848>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x0397B3E8>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\\Users\\*****\\.azure\\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\*****\.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/*****
msal.authority: openid_config("https://login.microsoftonline.com/*****/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/*****/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/*****/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/*****/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/*****/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/*****/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/*****/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/*****/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: a9109bd4-436c-485f-864b-ff2489ded0fb
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****?api-version=2022-01-01 HTTP/1.1" 200 5355
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '5355'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '9112c7bb-962a-475f-a34e-89b02ea5cb4f'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '10e37665-9dd2-4d1d-8b89-770369778db0'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '00aac713-d178-4ba5-83d2-dd43269f19b1'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T044929Z:10e37665-9dd2-4d1d-8b89-770369778db0'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 34F3ADDAD6FF42E6BC51627BCC4559FC Ref B: FRA231050413035 Ref C: 2024-06-07T04:49:27Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:49:28 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"name": "*****",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****",
"etag": "W/\"f7b76055-b70e-4e9f-8df9-d2061bea194f\"",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "northeurope",
"tags": {},
"properties": {
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"packetCaptureDiagnosticState": "None",
"enablePrivateIpAddress": false,
"isMigrateToCSES": false,
"ipConfigurations": [
{
"name": "default",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default",
"etag": "W/\"f7b76055-b70e-4e9f-8df9-d2061bea194f\"",
"type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/publicIPAddresses/*****"
},
"subnet": {
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworks/*****/subnets/GatewaySubnet"
}
}
}
],
"natRules": [],
"virtualNetworkGatewayPolicyGroups": [],
"enableBgpRouteTranslationForNat": false,
"disableIPSecReplayProtection": false,
"sku": {
"name": "VpnGw1",
"tier": "VpnGw1",
"capacity": 2
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"*****"
]
},
"vpnClientProtocols": [
"OpenVPN"
],
"vpnAuthenticationTypes": [
"Certificate",
"AAD"
],
"vpnClientRootCertificates": [
{
"name": "*****",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/vpnClientRootCertificates/*****",
"etag": "W/\"f7b76055-b70e-4e9f-8df9-d2061bea194f\"",
"properties": {
"provisioningState": "Succeeded",
"publicCertData": "*****"
},
"type": "Microsoft.Network/virtualNetworkGateways/vpnClientRootCertificates"
}
],
"vpnClientRevokedCertificates": [],
"vngClientConnectionConfigurations": [],
"vpnClientConnectionHealth": {
"vpnClientConnectionsCount": 5,
"allocatedIpAddresses": [
*****
],
"totalIngressBytesTransferred": 3209978696,
"totalEgressBytesTransferred": 9110891224
},
"radiusServers": [],
"vpnClientIpsecPolicies": [],
"aadTenant": "https://login.microsoftonline.com/*****",
"aadAudience": "*****",
"aadIssuer": "https://sts.windows.net/*****/"
},
"bgpSettings": {
"asn": 65515,
"bgpPeeringAddress": "*****",
"peerWeight": 0,
"bgpPeeringAddresses": [
{
"ipconfigurationId": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default",
"defaultBgpIpAddresses": [
"*****"
],
"customBgpIpAddresses": [],
"tunnelIpAddresses": [
"*****"
]
}
]
},
"customRoutes": {
"addressPrefixes": []
},
"vpnGatewayGeneration": "Generation1"
}
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '4981'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****", "location": "northeurope", "properties": {"activeActive": false, "bgpSettings": {"asn": 65515, "bgpPeeringAddress": "*****", "bgpPeeringAddresses": [{"customBgpIpAddresses": [], "ipconfigurationId": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default"}], "peerWeight": 0}, "customRoutes": {"addressPrefixes": []}, "disableIPSecReplayProtection": false, "enableBgp": false, "enableBgpRouteTranslationForNat": false, "enablePrivateIpAddress": false, "gatewayType": "Vpn", "ipConfigurations": [{"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default", "name": "default", "properties": {"privateIPAllocationMethod": "Dynamic", "publicIPAddress": {"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/publicIPAddresses/*****"}, "subnet": {"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworks/*****/subnets/GatewaySubnet"}}}], "natRules": [], "sku": {"name": "VpnGw1", "tier": "VpnGw1"}, "vpnClientConfiguration": {"aadAudience": "*****", "aadIssuer": "https://sts.windows.net/*****/", "aadTenant": "https://login.microsoftonline.com/*****", "radiusServers": [], "vpnAuthenticationTypes": ["Certificate", "AAD"], "vpnClientAddressPool": {"addressPrefixes": ["*****"]}, "vpnClientIpsecPolicies": [], "vpnClientProtocols": ["OpenVPN"], "vpnClientRevokedCertificates": [], "vpnClientRootCertificates": [{"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/vpnClientRootCertificates/*****", "name": "*****", "properties": {"publicCertData": "*****"}}, {"name": "MyTestRoot", "properties": {"publicCertData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEQ2pDQ0FmS2dBd0lCQWdJVWRTQUtveU51ckRjdHR2UFo4a2FrNWJiWjI0c3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3SFRFYk1Ca0dBMVVFQXd3U1RYa2dSMkYwWlhkaGVTQlNiMjkwSUVOQk1CNFhEVEkwTURZd056QTBORGt3DQpNRm9YRFRRME1EWXdOekEwTkRrd01Gb3dIVEViTUJrR0ExVUVBd3dTVFhrZ1IyRjBaWGRoZVNCU2IyOTBJRU5CDQpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQWhlYVFpTmtJaDJsQlIvTkRGTzYzDQpLdUlacXN4cDRjaU1MWTVwTGdmT2FJbDV6UW96SEh1WVA0empxK1hqWkJJT0puTnJSVkQ4azNsdjZTOW52SlNpDQpUbUVYQjBXWEZUaC9Ba2NwT2lxK3dTZHBQb0htZ2p2bWZodVIwbHB3Vlc4WUdzbFV5UklnRWlEc0YyMFFyTy9TDQpmRjNONkdHZ2htaW8xSGNobGwrSnQ0WGtoY05sMXNTWUFyQ1ZIcTMyREo3bXJSN0x3WGduWWFudXkrRU9MMFA3DQpWcHpvNjZRcXFGRjhzUXYxMFZNWjF6RjBySjlnekJkVEx0cnRaTEM3Z0JYTG4yZVhGM0c5ZEVQRkdMeVNHTUFDDQpTWmJhdDhxRDI3dFJNZGFFaFJrQjU5ZkIxM2dUTFFrRmY1cFVMUnFpbHhRVkNDRTl5UiswaEc4MzZuaTFUL29rDQptd0lEQVFBQm8wSXdRREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTRHQTFVZER3RUIvd1FFQXdJQ0JEQWRCZ05WDQpIUTRFRmdRVUNKRjhobU0rRnZ4aUM0WndCOEM4NVRmSEF6OHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQXZyDQpSbkRFQ3NCQ2ZaNUR6ekwzWDMybEJwdUF2eVRmcjgyVzBZMk9UTm9kMGRwQ1RUYUdnNFpVbnlCS21nK1B3aFE4DQpzd1RuNENzVFQ0d011Zng4UVZJWHorbEsvaVdaYVdtVjZPNWdmUnFENWNEWitmZVlHNm1DMFVDZUFxVkRRSytVDQpUNlk4SHJxMmpzNEJBR3pjd2piWnA5THU4QmFxTVd5Ymg5SkZaclltSFFhOFZ6OGpqYUFjSVlOL3ZwMlRBQkgvDQo5U3cvd0EzTGI4TzQvL1BObUJuSWM0TzY1Q3RndE1YRTIxQmNJS0RubERIUzB2cmFmQVJDU1BqRDNwMG5iRDhvDQpjcU1zQURWektsOVlhRmF2VVJjanl6bDgrcjVPMk85ZGliakpNZ2Nua2JLUCt4aHVrT2ZjWUNNbWlKYVhzWTV1DQp5ZThPclVoNk9Ka3c3bGdoNkZRPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K"}}]}, "vpnGatewayGeneration": "Generation1", "vpnType": "RouteBased"}, "tags": {}}
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****?api-version=2022-01-01 HTTP/1.1" 200 7046
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '7046'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Retry-After': '10'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'b4e6608d-09b1-4e6d-a54b-67db8950892a'
cli.azure.cli.core.sdk.policies: 'Azure-AsyncOperation': 'https://management.azure.com/subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=*****'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '67e03774-f35d-4c3a-98f5-f84b7130d01f'
cli.azure.cli.core.sdk.policies: 'azure-asyncnotification': 'Enabled'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '394a4352-527c-4c91-bb0e-89daed30b9e8'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '199'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-writes': '2999'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T044931Z:67e03774-f35d-4c3a-98f5-f84b7130d01f'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: CF16A7C8BE35471BA8934DE494214C6B Ref B: FRA231050413035 Ref C: 2024-06-07T04:49:29Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:49:31 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"name": "*****",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****",
"etag": "W/\"cc40cc2e-7247-45f6-8156-aa9fc217e824\"",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "northeurope",
"tags": {},
"properties": {
"provisioningState": "Updating",
"resourceGuid": "*****",
"packetCaptureDiagnosticState": "None",
"enablePrivateIpAddress": false,
"isMigrateToCSES": false,
"ipConfigurations": [
{
"name": "default",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default",
"etag": "W/\"cc40cc2e-7247-45f6-8156-aa9fc217e824\"",
"type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations",
"properties": {
"provisioningState": "Updating",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/publicIPAddresses/*****"
},
"subnet": {
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworks/*****/subnets/GatewaySubnet"
}
}
}
],
"natRules": [],
"virtualNetworkGatewayPolicyGroups": [],
"enableBgpRouteTranslationForNat": false,
"disableIPSecReplayProtection": false,
"sku": {
"name": "VpnGw1",
"tier": "VpnGw1",
"capacity": 2
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"*****"
]
},
"vpnClientProtocols": [
"OpenVPN"
],
"vpnAuthenticationTypes": [
"Certificate",
"AAD"
],
"vpnClientRootCertificates": [
{
"name": "*****",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/vpnClientRootCertificates/*****",
"etag": "W/\"cc40cc2e-7247-45f6-8156-aa9fc217e824\"",
"properties": {
"provisioningState": "Updating",
"publicCertData": "*****"
},
"type": "Microsoft.Network/virtualNetworkGateways/vpnClientRootCertificates"
},
{
"name": "MyTestRoot",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/vpnClientRootCertificates/MyTestRoot",
"etag": "W/\"cc40cc2e-7247-45f6-8156-aa9fc217e824\"",
"properties": {
"provisioningState": "Updating",
"publicCertData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEQ2pDQ0FmS2dBd0lCQWdJVWRTQUtveU51ckRjdHR2UFo4a2FrNWJiWjI0c3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3SFRFYk1Ca0dBMVVFQXd3U1RYa2dSMkYwWlhkaGVTQlNiMjkwSUVOQk1CNFhEVEkwTURZd056QTBORGt3DQpNRm9YRFRRME1EWXdOekEwTkRrd01Gb3dIVEViTUJrR0ExVUVBd3dTVFhrZ1IyRjBaWGRoZVNCU2IyOTBJRU5CDQpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQWhlYVFpTmtJaDJsQlIvTkRGTzYzDQpLdUlacXN4cDRjaU1MWTVwTGdmT2FJbDV6UW96SEh1WVA0empxK1hqWkJJT0puTnJSVkQ4azNsdjZTOW52SlNpDQpUbUVYQjBXWEZUaC9Ba2NwT2lxK3dTZHBQb0htZ2p2bWZodVIwbHB3Vlc4WUdzbFV5UklnRWlEc0YyMFFyTy9TDQpmRjNONkdHZ2htaW8xSGNobGwrSnQ0WGtoY05sMXNTWUFyQ1ZIcTMyREo3bXJSN0x3WGduWWFudXkrRU9MMFA3DQpWcHpvNjZRcXFGRjhzUXYxMFZNWjF6RjBySjlnekJkVEx0cnRaTEM3Z0JYTG4yZVhGM0c5ZEVQRkdMeVNHTUFDDQpTWmJhdDhxRDI3dFJNZGFFaFJrQjU5ZkIxM2dUTFFrRmY1cFVMUnFpbHhRVkNDRTl5UiswaEc4MzZuaTFUL29rDQptd0lEQVFBQm8wSXdRREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTRHQTFVZER3RUIvd1FFQXdJQ0JEQWRCZ05WDQpIUTRFRmdRVUNKRjhobU0rRnZ4aUM0WndCOEM4NVRmSEF6OHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQXZyDQpSbkRFQ3NCQ2ZaNUR6ekwzWDMybEJwdUF2eVRmcjgyVzBZMk9UTm9kMGRwQ1RUYUdnNFpVbnlCS21nK1B3aFE4DQpzd1RuNENzVFQ0d011Zng4UVZJWHorbEsvaVdaYVdtVjZPNWdmUnFENWNEWitmZVlHNm1DMFVDZUFxVkRRSytVDQpUNlk4SHJxMmpzNEJBR3pjd2piWnA5THU4QmFxTVd5Ymg5SkZaclltSFFhOFZ6OGpqYUFjSVlOL3ZwMlRBQkgvDQo5U3cvd0EzTGI4TzQvL1BObUJuSWM0TzY1Q3RndE1YRTIxQmNJS0RubERIUzB2cmFmQVJDU1BqRDNwMG5iRDhvDQpjcU1zQURWektsOVlhRmF2VVJjanl6bDgrcjVPMk85ZGliakpNZ2Nua2JLUCt4aHVrT2ZjWUNNbWlKYVhzWTV1DQp5ZThPclVoNk9Ka3c3bGdoNkZRPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K"
},
"type": "Microsoft.Network/virtualNetworkGateways/vpnClientRootCertificates"
}
],
"vpnClientRevokedCertificates": [],
"vngClientConnectionConfigurations": [],
"radiusServers": [],
"vpnClientIpsecPolicies": [],
"aadTenant": "https://login.microsoftonline.com/*****",
"aadAudience": "*****",
"aadIssuer": "https://sts.windows.net/*****/"
},
"bgpSettings": {
"asn": 65515,
"bgpPeeringAddress": "*****",
"peerWeight": 0,
"bgpPeeringAddresses": [
{
"ipconfigurationId": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default",
"defaultBgpIpAddresses": [
"*****"
],
"customBgpIpAddresses": [],
"tunnelIpAddresses": [
"*****"
]
}
]
},
"customRoutes": {
"addressPrefixes": []
},
"vpnGatewayGeneration": "Generation1"
}
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=*****'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=***** HTTP/1.1" 200 30
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '30'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Retry-After': '10'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '0e3216b3-62f4-4aa1-a690-5b8d71688e72'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '3e4b6b5b-41e6-46a3-a912-cfb48bd0262b'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '4debbc54-1375-4ab7-9b08-97c0bb64aab6'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '248'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3748'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T044932Z:3e4b6b5b-41e6-46a3-a912-cfb48bd0262b'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 9518D1D19D6243CB92E61331A7CEE9A7 Ref B: FRA231050413035 Ref C: 2024-06-07T04:49:31Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:49:31 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"status": "InProgress"
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=*****'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=***** HTTP/1.1" 200 30
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '30'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Retry-After': '20'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '2794cb3a-9bdb-4976-ba48-3f3487bfc5e7'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '67885a54-8a79-4e88-8d16-fb2f2ed43ac6'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': 'f6ffd257-5a6b-4de8-bf4e-7c78beaa3bf9'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T044942Z:67885a54-8a79-4e88-8d16-fb2f2ed43ac6'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: B7FAECD13889461FBAC9D4A648765788 Ref B: FRA231050413035 Ref C: 2024-06-07T04:49:42Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:49:41 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"status": "InProgress"
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=*****'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=***** HTTP/1.1" 200 30
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '30'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Retry-After': '20'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '2451ee64-0187-490b-8e34-bc8c6c920f57'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'b544299e-f0b4-453e-aa1e-068e70fbb3db'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '695458db-95d9-4c3e-906f-30b684623195'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T045002Z:b544299e-f0b4-453e-aa1e-068e70fbb3db'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 069DE8019CA946278EB85B8FBB48BCDD Ref B: FRA231050413035 Ref C: 2024-06-07T04:50:02Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:50:01 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"status": "InProgress"
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=*****'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=***** HTTP/1.1" 200 30
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '30'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Retry-After': '40'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '73b39459-4b75-4855-bad8-d40fac6722d5'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'c0ffb612-34f6-4bb5-8aba-4147335eae5f'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '5f083810-a3f8-4e85-b452-64eb5d1b3990'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T045022Z:c0ffb612-34f6-4bb5-8aba-4147335eae5f'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: C8F99F6C368F4D70A6038AE4FC0CFD66 Ref B: FRA231050413035 Ref C: 2024-06-07T04:50:22Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:50:22 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"status": "InProgress"
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=*****'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=***** HTTP/1.1" 200 30
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '30'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Retry-After': '40'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '15a3d5de-143b-4bba-aea4-13517f190b20'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '75886124-75d1-4dda-b778-9e9785572183'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '3f914515-115f-4f52-9a0d-17b4ff26466c'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T045102Z:75886124-75d1-4dda-b778-9e9785572183'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 1C8159AC0E4449CF86ABB403852D6C91 Ref B: FRA231050413035 Ref C: 2024-06-07T04:51:02Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:51:02 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"status": "InProgress"
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=*****'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/providers/Microsoft.Network/locations/northeurope/operations/b4e6608d-09b1-4e6d-a54b-67db8950892a?api-version=2022-01-01&t=638533325718027687&c=***** HTTP/1.1" 200 29
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '29'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '1123f7de-0c85-41ef-bf7f-95782ae1ad93'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '3aacd9c1-6093-4894-81b1-fcc5f0e61268'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': 'c5525540-d8ab-4391-8ae8-f315cf0089d1'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T045142Z:3aacd9c1-6093-4894-81b1-fcc5f0e61268'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 4751BF4F6FD440988DD532FF004C3ED4 Ref B: FRA231050413035 Ref C: 2024-06-07T04:51:42Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:51:42 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"status": "Succeeded"
}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****?api-version=2022-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '50f62320-2489-11ef-9bf7-8cf8c5b818a6'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway root-cert create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --gateway-name --resource-group --public-cert-data --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.61.0 (MSI) azsdk-python-core/1.28.0 Python/3.11.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****?api-version=2022-01-01 HTTP/1.1" 200 7414
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '7414'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'eadfab63-8dbd-4ff3-9e2b-c815f7b4c581'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '2ed028ab-dde8-414d-9aec-d23cc134c13f'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': 'b5c0b1a1-d9da-4e43-afa0-a4c2e2180dfc'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'NORTHEUROPE:20240607T045144Z:2ed028ab-dde8-414d-9aec-d23cc134c13f'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 35DBD08A4F9647A6828A86A8E4F67CBA Ref B: FRA231050413035 Ref C: 2024-06-07T04:51:42Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Jun 2024 04:51:44 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"name": "*****",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****",
"etag": "W/\"e8a64fc4-f09d-414f-a6ae-a9f19495a4bf\"",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "northeurope",
"tags": {},
"properties": {
"provisioningState": "Succeeded",
"resourceGuid": "*****",
"packetCaptureDiagnosticState": "None",
"enablePrivateIpAddress": false,
"isMigrateToCSES": false,
"ipConfigurations": [
{
"name": "default",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default",
"etag": "W/\"e8a64fc4-f09d-414f-a6ae-a9f19495a4bf\"",
"type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/publicIPAddresses/*****"
},
"subnet": {
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworks/*****/subnets/GatewaySubnet"
}
}
}
],
"natRules": [],
"virtualNetworkGatewayPolicyGroups": [],
"enableBgpRouteTranslationForNat": false,
"disableIPSecReplayProtection": false,
"sku": {
"name": "VpnGw1",
"tier": "VpnGw1",
"capacity": 2
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"*****"
]
},
"vpnClientProtocols": [
"OpenVPN"
],
"vpnAuthenticationTypes": [
"Certificate",
"AAD"
],
"vpnClientRootCertificates": [
{
"name": "*****",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/vpnClientRootCertificates/*****",
"etag": "W/\"e8a64fc4-f09d-414f-a6ae-a9f19495a4bf\"",
"properties": {
"provisioningState": "Succeeded",
"publicCertData": "*****"
},
"type": "Microsoft.Network/virtualNetworkGateways/vpnClientRootCertificates"
},
{
"name": "MyTestRoot",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/vpnClientRootCertificates/MyTestRoot",
"etag": "W/\"e8a64fc4-f09d-414f-a6ae-a9f19495a4bf\"",
"properties": {
"provisioningState": "Succeeded",
"publicCertData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEQ2pDQ0FmS2dBd0lCQWdJVWRTQUtveU51ckRjdHR2UFo4a2FrNWJiWjI0c3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3SFRFYk1Ca0dBMVVFQXd3U1RYa2dSMkYwWlhkaGVTQlNiMjkwSUVOQk1CNFhEVEkwTURZd056QTBORGt3DQpNRm9YRFRRME1EWXdOekEwTkRrd01Gb3dIVEViTUJrR0ExVUVBd3dTVFhrZ1IyRjBaWGRoZVNCU2IyOTBJRU5CDQpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQWhlYVFpTmtJaDJsQlIvTkRGTzYzDQpLdUlacXN4cDRjaU1MWTVwTGdmT2FJbDV6UW96SEh1WVA0empxK1hqWkJJT0puTnJSVkQ4azNsdjZTOW52SlNpDQpUbUVYQjBXWEZUaC9Ba2NwT2lxK3dTZHBQb0htZ2p2bWZodVIwbHB3Vlc4WUdzbFV5UklnRWlEc0YyMFFyTy9TDQpmRjNONkdHZ2htaW8xSGNobGwrSnQ0WGtoY05sMXNTWUFyQ1ZIcTMyREo3bXJSN0x3WGduWWFudXkrRU9MMFA3DQpWcHpvNjZRcXFGRjhzUXYxMFZNWjF6RjBySjlnekJkVEx0cnRaTEM3Z0JYTG4yZVhGM0c5ZEVQRkdMeVNHTUFDDQpTWmJhdDhxRDI3dFJNZGFFaFJrQjU5ZkIxM2dUTFFrRmY1cFVMUnFpbHhRVkNDRTl5UiswaEc4MzZuaTFUL29rDQptd0lEQVFBQm8wSXdRREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTRHQTFVZER3RUIvd1FFQXdJQ0JEQWRCZ05WDQpIUTRFRmdRVUNKRjhobU0rRnZ4aUM0WndCOEM4NVRmSEF6OHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQXZyDQpSbkRFQ3NCQ2ZaNUR6ekwzWDMybEJwdUF2eVRmcjgyVzBZMk9UTm9kMGRwQ1RUYUdnNFpVbnlCS21nK1B3aFE4DQpzd1RuNENzVFQ0d011Zng4UVZJWHorbEsvaVdaYVdtVjZPNWdmUnFENWNEWitmZVlHNm1DMFVDZUFxVkRRSytVDQpUNlk4SHJxMmpzNEJBR3pjd2piWnA5THU4QmFxTVd5Ymg5SkZaclltSFFhOFZ6OGpqYUFjSVlOL3ZwMlRBQkgvDQo5U3cvd0EzTGI4TzQvL1BObUJuSWM0TzY1Q3RndE1YRTIxQmNJS0RubERIUzB2cmFmQVJDU1BqRDNwMG5iRDhvDQpjcU1zQURWektsOVlhRmF2VVJjanl6bDgrcjVPMk85ZGliakpNZ2Nua2JLUCt4aHVrT2ZjWUNNbWlKYVhzWTV1DQp5ZThPclVoNk9Ka3c3bGdoNkZRPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K"
},
"type": "Microsoft.Network/virtualNetworkGateways/vpnClientRootCertificates"
}
],
"vpnClientRevokedCertificates": [],
"vngClientConnectionConfigurations": [],
"vpnClientConnectionHealth": {
"vpnClientConnectionsCount": 5,
"allocatedIpAddresses": [
*****
],
"totalIngressBytesTransferred": 3209978696,
"totalEgressBytesTransferred": 9110891224
},
"radiusServers": [],
"vpnClientIpsecPolicies": [],
"aadTenant": "https://login.microsoftonline.com/*****",
"aadAudience": "*****",
"aadIssuer": "https://sts.windows.net/*****/"
},
"bgpSettings": {
"asn": 65515,
"bgpPeeringAddress": "*****",
"peerWeight": 0,
"bgpPeeringAddresses": [
{
"ipconfigurationId": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/ipConfigurations/default",
"defaultBgpIpAddresses": [
"*****"
],
"customBgpIpAddresses": [],
"tunnelIpAddresses": [
"*****"
]
}
]
},
"customRoutes": {
"addressPrefixes": []
},
"vpnGatewayGeneration": "Generation1"
}
}
cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x03963B18>, <function _x509_from_base64_to_hex_transform at 0x03963B68>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult []
{
"etag": "W/\"e8a64fc4-f09d-414f-a6ae-a9f19495a4bf\"",
"id": "/subscriptions/*****/resourceGroups/*****/providers/Microsoft.Network/virtualNetworkGateways/*****/vpnClientRootCertificates/MyTestRoot",
"name": "MyTestRoot",
"provisioningState": "Succeeded",
"publicCertData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEQ2pDQ0FmS2dBd0lCQWdJVWRTQUtveU51ckRjdHR2UFo4a2FrNWJiWjI0c3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3SFRFYk1Ca0dBMVVFQXd3U1RYa2dSMkYwWlhkaGVTQlNiMjkwSUVOQk1CNFhEVEkwTURZd056QTBORGt3DQpNRm9YRFRRME1EWXdOekEwTkRrd01Gb3dIVEViTUJrR0ExVUVBd3dTVFhrZ1IyRjBaWGRoZVNCU2IyOTBJRU5CDQpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQWhlYVFpTmtJaDJsQlIvTkRGTzYzDQpLdUlacXN4cDRjaU1MWTVwTGdmT2FJbDV6UW96SEh1WVA0empxK1hqWkJJT0puTnJSVkQ4azNsdjZTOW52SlNpDQpUbUVYQjBXWEZUaC9Ba2NwT2lxK3dTZHBQb0htZ2p2bWZodVIwbHB3Vlc4WUdzbFV5UklnRWlEc0YyMFFyTy9TDQpmRjNONkdHZ2htaW8xSGNobGwrSnQ0WGtoY05sMXNTWUFyQ1ZIcTMyREo3bXJSN0x3WGduWWFudXkrRU9MMFA3DQpWcHpvNjZRcXFGRjhzUXYxMFZNWjF6RjBySjlnekJkVEx0cnRaTEM3Z0JYTG4yZVhGM0c5ZEVQRkdMeVNHTUFDDQpTWmJhdDhxRDI3dFJNZGFFaFJrQjU5ZkIxM2dUTFFrRmY1cFVMUnFpbHhRVkNDRTl5UiswaEc4MzZuaTFUL29rDQptd0lEQVFBQm8wSXdRREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTRHQTFVZER3RUIvd1FFQXdJQ0JEQWRCZ05WDQpIUTRFRmdRVUNKRjhobU0rRnZ4aUM0WndCOEM4NVRmSEF6OHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQXZyDQpSbkRFQ3NCQ2ZaNUR6ekwzWDMybEJwdUF2eVRmcjgyVzBZMk9UTm9kMGRwQ1RUYUdnNFpVbnlCS21nK1B3aFE4DQpzd1RuNENzVFQ0d011Zng4UVZJWHorbEsvaVdaYVdtVjZPNWdmUnFENWNEWitmZVlHNm1DMFVDZUFxVkRRSytVDQpUNlk4SHJxMmpzNEJBR3pjd2piWnA5THU4QmFxTVd5Ymg5SkZaclltSFFhOFZ6OGpqYUFjSVlOL3ZwMlRBQkgvDQo5U3cvd0EzTGI4TzQvL1BObUJuSWM0TzY1Q3RndE1YRTIxQmNJS0RubERIUzB2cmFmQVJDU1BqRDNwMG5iRDhvDQpjcU1zQURWektsOVlhRmF2VVJjanl6bDgrcjVPMk85ZGliakpNZ2Nua2JLUCt4aHVrT2ZjWUNNbWlKYVhzWTV1DQp5ZThPclVoNk9Ka3c3bGdoNkZRPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K",
"resourceGroup": "*****"
}
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x03938258>]
az_command_data_logger: exit code: 0
cli.__main__: Command ran in 138.941 seconds (init: 0.258, invoke: 138.683)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3794 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry\__init__.pyc C:\Users\*****\.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Az Cli should read the file, and understand that it is a PEM file format, and thus it should just remove the "--- BEGIN ---" and "--- END ---" sections, and upload the content in the middle as-is, without doing any kind of encoding or transformations.
Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 21:52:07) [MSC v.1937 32 bit (Intel)]
Your CLI is up-to-date.
Describe the bug
After creating a new private key and self-signed certificate with OpenSSL 3.1.4 and then attempting to upload the PEM format certificate file to a VPN Gateway instance with Az Cli the end result is that Az Cli takes the specified file (which contains e.g. the "--- BEGIN ---" and "--- END ---" parts, encodes the entire file with base64, and puts the result into the root certificate "Public certificate data" field.
As expected, any connection attempt with a certificate that's now signed with the private key will fail.
Related command
First issue the command
this generates a self-signed certificate and a private key. Then issue the command
to upload the certificate to Azure.
Errors
The command does not return an error message.
Issue script & Debug output
Expected behavior
Az Cli should read the file, and understand that it is a PEM file format, and thus it should just remove the "--- BEGIN ---" and "--- END ---" sections, and upload the content in the middle as-is, without doing any kind of encoding or transformations.
Environment Summary
azure-cli 2.61.0
core 2.61.0
telemetry 1.1.0
Extensions:
azure-iot 0.23.1
Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users*****.azure\cliextensions'
Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 21:52:07) [MSC v.1937 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response