Hi,
I would like to add a X509 auth certificate to the Windows server running on Openstack so I can execute WinRM commands using a cert rather than a password.
When bringing up a server instance, I'm passing the x509 cert as meta data as we use the user data to execute PS commands. I construct the metadata as shown in this post:
https://cloudbase.it/windows-without-passwords-in-openstack/
The Windows image used is derived from Windows 2012R2 eval images from Cloudbase, and the ConfigWinRMCertificateAuthPlugin appears to pick up the passed cert. The only difference is that we generate our own pem cert. However, I see the following error in the console log:
2017-02-07 09:07:56.735 1984 ERROR cloudbaseinit.init [-] plugin 'ConfigWinRMCertificateAuthPlugin' failed with error 'CryptoAPI error: 0xd'
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init [-] CryptoAPI error: 0xd
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init Traceback (most recent call last):
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init File "c:\program files\cloudbase solutions\cloudbase-init\python\lib\site-packages\cloudbaseinit\init.py", line 75, in execplugin
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init shareddata)
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init File "c:\program files\cloudbase solutions\cloudbase-init\python\lib\site-packages\cloudbaseinit\plugins\windows\winrmcertificateauth.py", line 92, in execute
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init certdata, storename=x509.STORENAMEROOT)
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init File "c:\program files\cloudbase solutions\cloudbase-init\python\lib\site-packages\cloudbaseinit\utils\windows\x509.py", line 236, in importcert
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init raise cryptoapi.CryptoAPIException()
2017-02-07 09:07:56.750 1984 ERROR cloudbaseinit.init cloudbaseinit.utils.windows.cryptoapi.CryptoAPIException: CryptoAPI error: 0xd
Appreciate any pointers on what the root cause of the error might be.
Thanks,
-- Kiran
Cloudbase-init configuration:
[DEFAULT]
username=Administrator
groups=Administrators
inject_user_password=true
first_logon_behaviour=no
config_drive_raw_hhd=true
config_drive_cdrom=true
config_drive_vfat=true
bsdtar_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\bsdtar.exe
mtools_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\
verbose=true
debug=true
logdir=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init-unattend.log
default_log_levels=comtypes=INFO,suds=INFO,iso8601=WARN,requests=WARN
logging_serial_port_settings=COM1,115200,N,8
mtu_use_dhcp_config=true
ntp_use_dhcp_config=true
local_scripts_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\
metadata_services=cloudbaseinit.metadata.services.httpservice.HttpService,cloudbaseinit.metadata.services.configdrive.ConfigDriveService,cloudbaseinit.metadata.services.ec2service.EC2Service,cloudbaseinit.metadata.services.maasservice.MaaSHttpService
plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin
allow_reboot=false
stop_service_on_exit=false
check_latest_version=false
Sample pem cert:
-----BEGIN CERTIFICATE-----
MIIDHzCCAgegAwIBAgIJAOkAohQD8bfgMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNV
BAMTGGNsb3VkYmFzZS1pbml0LXVzZXItNDM1MDAeFw0xNzAyMTAxNjI1MTNaFw0y
NzAyMDgxNjI1MTNaMCMxITAfBgNVBAMTGGNsb3VkYmFzZS1pbml0LXVzZXItNDM1
MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlXjqDHz26MJZmui7S/
HhEStuMwzMUAsr9rZX33n4l+NjRf4xoLxzm/EH5nrLvA+zCWCbLCw/mXALxxP0QS
CUYe7Y7B8WWBiBOyibglq2Kd6KA33GvvrZSsrYEtX5kui2Yf8FxFKivTXW5TvZuw
1vCUs0SjlH1Npz0W4+9/4SL+67qUQAzOMWzn+uHdTzg4YHTlJUESOqeyKdTIG9Ft
OovaAa82kvObBeYRDD0hszAGnbBAIsUOyhOTrOPAT737NjumvhUfmUMNroRax4Bo
Qxb7X0HRTVBYgFrYnnJSOrWyYKiLb+HJTRHEvpQoJ89MJmrYoAarLL/HI6WFowhA
kk0CAwEAAaNWMFQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwPQYDVR0RBDYwNKAyBgor
BgEEAYI3FAIDoCQMImNsb3VkYmFzZS1pbml0LXVzZXItNDM1MEBsb2NhbGhvc3Qw
DQYJKoZIhvcNAQELBQADggEBAJrNbAN2DdZPt3rHJmh61BEBE2R/6jrVeRyzXWCg
iW0drgGo6ch1dRCVB3bLPdvsiOlUbRhHTUaWS5158wzauMuvPSo71aU/JHVJx0mJ
xshUuaSpnrV5z46w2qSgqCuwh0jLT3JCPwgGsIPH5+7GFPXneeNZ9M2F4ulMJEzZ
yM458dvkfH2rVMURuWEa6jzXIFlbfXBtSvqI3WidzJUHCa7dmuv/zLRzpJSpv+Zn
m5lPSZWnl0ArhGbRFUWuBwl4tUWO18ukLZzWPpBHmwY46IQELH8/Mr+lBBCNfQ4M
82IQYfsKr3VYNCB7EYDe21O+LzwAKgbVqFgrYn0qKNkEyww=
-----END CERTIFICATE-----