Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

az account get-access-token throws an error certificate verify failed #38

Open
bebound opened this issue Feb 27, 2023 · 1 comment
Open

az account get-access-token throws an error certificate verify failed #38

bebound opened this issue Feb 27, 2023 · 1 comment

Comments

@bebound
Copy link
Owner

bebound commented Feb 27, 2023

az account get-access-token is failing with certificate verification error which is part of terraform init command whereas same az command works fine when running individually

Command Name
az account get-access-token

Errors:

HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /<tenant_id>/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Traceback (most recent call last):
urllib3\urllib3\contrib\pyopenssl.py, ln 456, in wrap_socket
pip-install-363drsgw\pyOpenSSL\OpenSSL\SSL.py, ln 1915, in do_handshake
...

To Reproduce:

terraform init

Complete error:

terraform init

Initializing the backend...

│ Error: obtaining Authorization Token from the Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: The command failed with an unexpected error. Here is the traceback:

│ HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /7a9376d4-7c43-480f-82ba-a090647f651d/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
│ Traceback (most recent call last):
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\contrib\pyopenssl.py", line 456, in wrap_socket
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\pyOpenSSL\OpenSSL\SSL.py", line 1915, in do_handshake
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\pyOpenSSL\OpenSSL\SSL.py", line 1647, in _raise_ssl_error
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\pyOpenSSL\OpenSSL_util.py", line 54, in exception_from_error_queue
│ OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

│ During handling of the above exception, another exception occurred:

│ Traceback (most recent call last):
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\connectionpool.py", line 600, in urlopen
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\connectionpool.py", line 343, in make_request
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\connectionpool.py", line 839, in _validate_conn
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\connection.py", line 344, in connect
│ File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\util\ssl.py", line 347, in ssl_wrap_socket
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\contrib\pyopenssl.py", line 462, in wrap_socket
│ ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

│ During handling of the above exception, another exception occurred:

│ Traceback (most recent call last):
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\requests\requests\adapters.py", line 449, in send
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\connectionpool.py", line 638, in urlopen
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-aq7acbhx\urllib3\urllib3\util\retry.py", line 399, in increment
│ urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /7a9376d4-7c43-480f-82ba-a090647f651d/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

│ During handling of the above exception, another exception occurred:

│ Traceback (most recent call last):
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\knack\knack\cli.py", line 215, in invoke
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core\commands_init_.py", line 654, in execute
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core\commands_init_.py", line 718, in run_jobs_serially
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core\commands_init.py", line 711, in _run_job
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\six\six.py", line 703, in reraise
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core\commands_init_.py", line 688, in run_job
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core\commands_init.py", line 325, in call
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core_init_.py", line 545, in default_command_handler
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\command_modules\profile\custom.py", line 75, in get_access_token
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core_profile.py", line 650, in get_raw_token
│ File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\core_profile.py", line 1014, in retrieve_token_for_user
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\authentication_context.py", line 145, in acquire_token
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\authentication_context.py", line 128, in _acquire_token
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\authentication_context.py", line 143, in token_func
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\token_request.py", line 347, in get_token_from_cache_with_refresh
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\token_request.py", line 127, in _find_token_from_cache
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\cache_driver.py", line 199, in find
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\cache_driver.py", line 184, in _refresh_entry_if_necessary
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\cache_driver.py", line 160, in _acquire_new_token_from_mrrt
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\token_request.py", line 137, in _get_token_with_token_response
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\token_request.py", line 339, in _get_token_with_refresh_token
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\token_request.py", line 112, in _oauth_get_token
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\adal\adal\oauth2_client.py", line 268, in get_token
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\requests\requests\api.py", line 116, in post
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\requests\requests\api.py", line 60, in request
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\requests\requests\sessions.py", line 533, in request
│ File "C:\Users\VSSADM1\AppData\Local\Temp\pip-install-363drsgw\requests\requests\sessions.py", line 646, in send
│ File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-363drsgw\requests\requests\adapters.py", line 514, in send
│ requests.exceptions.SSLError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /7a9376d4-7c43-480f-82ba-a090647f651d/oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

│ To open an issue, please run: 'az feedback'

Expected Behavior

terraform init should initialize terraform state on my local machine and to access it az command should generate token

Environment Summary

Windows-10-10.0.19041-SP0
Python 3.6.6
Installer: MSI

azure-cli 2.8.0

terraform 1.3.7
azurerm 3.38.0

Copy from https://github.com/Azure/azure-cli/issues/25301
@similar-bot-test
Copy link

Find similar issue https://github.com/Azure/azure-cli/issues/11356.
Issue title az account get-access-token - ERROR: The command failed with an unexpected error.
Create time 2019-11-22
Comment number 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bebound