Tag: Cloud

Azure Key Vault Error: The Specified PEM X.509 Certificate Content Is In An Unexpected Format

Robert LohrLeave a comment

Microsoft’s Azure Key Vault supports uploading certificates in the PEM format. However, it is a bit picky, and the format must be exact. The documentation contains all the information, but the PEM format has a few nuances that the documentation does not address.

The following is a valid certificate as generated by a PKI.

Subject: CN=The Codeslinger,O=The Codeslinger,C=DE
Issuer: CN=The Codeslinger Intermediate,O=The Codeslinger,C=DE
-----BEGIN CERTIFICATE-----
MIIC...Ivw=
-----END CERTIFICATE-----
Subject: CN=The Codeslinger Intermediate,O=The Codeslinger,C=DE
Issuer: CN=The Codeslinger Root,O=The Codeslinger,C=DE
-----BEGIN CERTIFICATE-----
MIIB...Rps=
-----END CERTIFICATE-----
Subject: CN=The Codeslinger Root,O=The Codeslinger,C=DE
Issuer: CN=The Codeslinger Root,O=The Codeslinger,C=DE
-----BEGIN CERTIFICATE-----
MIIB...aA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIE...12Us
-----END RSA PRIVATE KEY-----

However, Key Vault will not accept it. Instead, it throws the dreaded error: “The specified PEM X.509 certificate content is in an unexpected format. Please check if certificate is in valid PEM format.”

As you can see in the documentation, the PEM file must not have metadata about the certificate and issuing authorities. You can remove this information, and the PEM will look like the following.

-----BEGIN CERTIFICATE-----
MIIC...Ivw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB...Rps=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB...aA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIE...12Us
-----END RSA PRIVATE KEY-----

You are not done yet, though, as the key must be in the PCKS#8 format. The following OpenSSL command will do the trick if you store your key in a file.

openssl pkcs8 -topk8 -nocrypt -in private-key.pem

This works for RSA keys, as shown above, and Elliptic Curve keys.

-----BEGIN EC PRIVATE KEY-----
MHcC...8g==
-----END EC PRIVATE KEY-----

The output will be the following.

-----BEGIN PRIVATE KEY-----
MIGH...vnry
-----END PRIVATE KEY-----

Putting it all together, Key Vault will now accept the certificate.

-----BEGIN CERTIFICATE-----
MIIC...Ivw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB...Rps=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB...aA==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIE...8kjt
-----END PRIVATE KEY-----

I hope this helps.

Thank you for reading.

Produce Messages With Spring Cloud Stream Kafka

Robert Lohr2 Comments

Update:

In a recent post, I explained how to create a Kafka Consumer application with Spring Boot using Spring Cloud Stream with the Kafka Binder. In this installment, I explain how to build the other side of the Kafka connection: the producer.

The main concepts are the same. The most significant change is that instead of a Consumer<T>, you implement a Supplier<T>.

Read More »

Consume Messages With Spring Cloud Stream Kafka

Robert Lohr2 Comments

Update:

Spring Cloud Stream is a very complex topic and a remarkable piece of technology. It builds on other intricate Spring technologies like Spring Integration and Spring Cloud Function, and when you add Apache Kafka to the mix, you have a steep learning curve on your hands.

There is a lot of documentation to read and comprehend, and I do not think it helps that your first interaction with the technology is by showing off. Here is the sample in the “Introducing Spring Cloud Stream” section.

@SpringBootApplication
public class SampleApplication {
    public static void main(String[] args) {
        SpringApplication.run(SampleApplication.class, args);
    }
    @Bean
    public Function<String, String> uppercase() {
        return value -> value.toUpperCase();
    }
}

That supposedly is a fully functioning application. The uppercase() method consumes and produces simultaneously, essentially turning it into a way software can pleasure itself. To understand this example, you must know about all the Spring Boot auto-configuration magic happening in the background. Otherwise, it is an opaque magical, and indecipherable showpiece.

This post will show a practical example of a simple consumer application receiving messages from a Kafka cluster. This was my use case, and while the documentation contains a ton of helpful information, it only succeeded in confusing me at first, coming to the technology with fresh eyes. As a result, it took me a long time to put together all the pieces before I understood what was going on.

Read More »

OneDrive Sync On Linux Part 3, With abraunegg/onedrive As Daemon

Robert Lohr3 Comments

In a previous blog post, I showed another way of syncing OneDrive folders on Linux as an alternative to using RCLONE. It was the Open-Source project “onedrive” by Github user “abraunegg” (a fork of an abandoned project by user “skilion”). One thing I was having trouble with was the installation as a daemon. I used an @reboot crontab workaround to achieve my goal instead. However, I was not satisfied, so I went back to the documentation to see if I missed something. And miss I did. To my defense, other steps I had tried are omitting a necessary detail required to make it work.

I have mentioned the installation in the other post, but I also left out a thing or two that I came across. That is why I will include the setup process again, this time in more detail, and refer you to the other blog post for configuration tips. That is the part I will skip here.

My test system is the same Fedora 34 distribution, and I have also tested the steps on Pop!_OS, which means it should work on the other Ubuntu derivates.

Read More »

OneDrive Sync On Linux With RCLONE

Robert Lohr1 Comment

Update, 2, July 2021 I have found another tool that I now prefer. Read this blog post to learn more, or read this blog for yet even more information 😉.

In my quest to move to Linux as a daily driver it was important for me that I could continue to use Microsoft’s OneDrive cloud storage. Unsurprisingly, Windows 10 comes bundled with a OneDrive sync client. There is no official Linux support though, so I had to resort to a 3rd party tool. Luckily, there is a very powerful utility called rclone that does almost exactly what I want and I’ll explain how I have it set up to suit my needs.

Spoiler: it’s not as convenient as Microsoft’s sync client, but it has other things going for it.

Read More »