user1366600

VaultSharp TLS auth failed - client certificate must be supplied

VaultSharp is not able to authenticate with Vault for the TLS auth method.

C# code on Windows 10, cert and key in personal store.

Environment: Windows

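    using System;
    using System.Collections.Generic;
    using System.Security.Cryptography.X509Certificates;
    using System.Threading.Tasks;
    using VaultSharp;
    using VaultSharp.V1.AuthMethods;
    using VaultSharp.V1.AuthMethods.Cert;
    using VaultSharp.V1.Commons;

    // Look up the client certificate in the current user's personal store
    X509Certificate2 clientCertificate = null;
    X509Store store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certificateList =
        store.Certificates.Find(X509FindType.FindBySubjectName, "subject name", false);

    if (certificateList.Count > 0)
    {
        clientCertificate = certificateList[0];
    }
    store.Close();

    // got clientCertificate here, it has private key as well

    try
    {
        // Authenticate to Vault with the TLS certificate auth method
        IAuthMethodInfo authMethod = new CertAuthMethodInfo(clientCertificate);
        var vaultClientSettings = new VaultClientSettings("endpoint:8200", authMethod);
        IVaultClient vaultClient = new VaultClient(vaultClientSettings);
        Secret<Dictionary<string, object>> secret = null;
        Task.Run(async () =>
        {
            secret = await vaultClient.V1.Secrets.KeyValue.V1.ReadSecretAsync("dummy_app/dev/connection_strings");
        }).GetAwaiter().GetResult();
    }
    catch (Exception)
    {
        throw; // rethrow; the post does not show its handler
    }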

The above code is throwing this error:

{"errors":["client certificate must be supplied"]}

It should return the secret instead of throwing an exception.

Upvotes: 0

Views: 2071

Answers (1)

Raja Nadar

Reputation: 9499

Please check the following.

  1. That the certificate really has a private key. (HasPrivateKey check on the object) Typically you read a private key from a store using a passphrase. I don't see that above, so it may be that what you have is a public key.

  2. Please ensure that the certificate is a valid cert with the full chain. The Vault API (not VaultSharp) throws an error if it cannot find the parent chain.

  3. Please inspect the HTTP or TCP connection to see if the cert is truly attached.

Upvotes: 0
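
The first two checks from the answer above, written as a pre-flight diagnostic. This is an added example, not part of the original answer and not VaultSharp code. The names `ClientCertPreflight` and `Diagnose` are hypothetical, the self-signed certificate is a constructed sample standing in for the store lookup, and the local `X509Chain` build only approximates what the Vault server validates. It assumes .NET Core 2.0+ or .NET Framework 4.7.2+ for `CertificateRequest`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPreflight
{
    // Returns the problems that would stop this certificate from working as a TLS client certificate.
    public static List<string> Diagnose(X509Certificate2 cert)
    {
        var problems = new List<string>();

        // Check 1: without the private key the client cannot complete TLS client authentication.
        if (!cert.HasPrivateKey)
            problems.Add("no private key attached (public certificate only)");

        // Check 2: build the chain locally and report every status flag that fails.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // keep the check offline
            if (!chain.Build(cert))
                foreach (X509ChainStatus s in chain.ChainStatus)
                    problems.Add("chain: " + s.Status);
        }
        return problems;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate, not a real Vault client cert.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 withKey = req.CreateSelfSigned(
                       DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
            // Re-importing only the DER-encoded certificate drops the private key.
            using (var publicOnly = new X509Certificate2(withKey.Export(X509ContentType.Cert)))
            {
                Console.WriteLine("with key:    " + string.Join("; ", Diagnose(withKey)));
                Console.WriteLine("public only: " + string.Join("; ", Diagnose(publicOnly)));
            }
        }
    }
}
```

To apply it to the question's scenario, pass the `X509Certificate2` returned by the store lookup to `Diagnose` before constructing `CertAuthMethodInfo`.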
