notation: Failed to sign images using self-signed certificates created from Key vault

Summary

Notation alpha.3 release is used. Follow the steps according to the workflow https://docs.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-sign-build-push

After creating self-signed certificates in AKV, signing an image doesn’t work.

$ notation sign --key $KEY_NAME $IMAGE
Error: describe-key command failed: azure-kv: : x509: malformed certificate
2022/08/18 21:42:13 describe-key command failed: azure-kv: : x509: malformed certificate

Desired Result

Notation sign and verify should work easily using self-signed certificates from a KV.

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 16 (16 by maintainers)

Most upvoted comments

Verified successfully using dev build https://github.com/notaryproject/notation/releases/tag/v0.10.0-alpha.3.dev.20220928. Alpha.4 is good to go.

Hi @vaninrao10 and @dtzar, I will start to verify the dev build and let you know the results before Thursday's community call.

@vaninrao10 Need to merge https://github.com/notaryproject/notation-go/pull/147 and https://github.com/notaryproject/notation-go/pull/131 first, then I can verify it using the latest notation-go and notation-core-go.

@FeynmanZhou - I have created an issue to relax the certificate chain requirement. Refer to https://github.com/notaryproject/notaryproject/issues/192. I think we now need to assign this issue to a crypto SME to identify which Notary project specifications need updating and then do a pull request.