Page MenuHomeVyOS Platform

PKI: generate pki certificate sign <ca-name> is not working
Open, NormalPublicBUG

Description

While signing the certificate without mentioning the install name, the following error is received:

vyos@vyos:~$ generate pki certificate sign root_ca
Do you already have a certificate request? [y/N] y
Paste certificate request and press enter:
MIICsjCCAZoCAQAwXDELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUx
EjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEVMBMGA1UEAwwMaXBz
ZWMtc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSVC5Gro
fn5rFPN6GBnKGtJjTi3oXIDHFy86NKEC5EUUyO8B0j9ytdGrib8HTC3QYmP8O4qv
+2oM9KwILk+dDOdFH9BzZUOWJ9z7LixBPdoMPMLxgqy5Rgz7pOBJfs9W9WZQJ7px
flUntyC1jFpAMLvWEtC3u5cIw6kC6V1b9q6Er6Z2aa5AGg3eoswYTaRyrBf7/0VS
GyWvui9EwjaNjvgtxcunRG0X/qJg4RRBCsXyEwsVqeBV1EBCeevk/F849K/cyh9S
qMr7o1cSaWTRwO2a9DrXJG8c+wayerJOFVppT9JN5iRhT04VuHyqQrFbPPyGcWBE
0WxeagxAH3G7tQIDAQABoBEwDwYJKoZIhvcNAQkOMQIwADANBgkqhkiG9w0BAQsF
AAOCAQEAukqy1h6xeM02w8r5wXxOLW82VFkUzhv8lVh3OCV1fa3fKuLgAVCJqdDq
O5BLVbovrhInjU5YJot+Yz85+pbcG4/05GH0rKPJkleuOFads4qSIQFAbiYq1wwr
iqTXDU7iLQDGZJvXAw26GuQ/OElqHGrY6Q6Cq4IG9a+bgdfLBOYKKBwKehwQ+Un7
/Ihp+5mhvezt+5cIdDlvYfoSFoxj87p13229ticALidBdnb660ZRqj6hao/VWBPR
HAvpWp2C+2w3nMpWYCFv8L/O8WzyGZ0BAbzIYxQfinqYaHZ8bHrfeQWS35g4tM4Y
3TZ5y945oD2+6Zj2VxMAII6HQvrPxw==

Enter how many days certificate will be valid: (Default: 365)
Enter certificate type: (client, server) (Default: server) server
Note: If you plan to use the generated key on this router, do not encrypt the private key.
Do you want to encrypt the private key with a passphrase? [y/N] N
-----BEGIN CERTIFICATE-----
MIIDtjCCAp6gAwIBAgIUJXxea2uiIl/HY+cW4S1wxo0q+mMwDQYJKoZIhvcNAQEL
BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHcm9vdF9jYTAeFw0y
MTExMjkxMTU3MzVaFw0yMjExMjkxMTU3MzVaMFwxCzAJBgNVBAYTAkdCMRMwEQYD
VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
T1MxFTATBgNVBAMMDGlwc2VjLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMElQuRq6H5+axTzehgZyhrSY04t6FyAxxcvOjShAuRFFMjvAdI/
crXRq4m/B0wt0GJj/DuKr/tqDPSsCC5PnQznRR/Qc2VDlifc+y4sQT3aDDzC8YKs
uUYM+6TgSX7PVvVmUCe6cX5VJ7cgtYxaQDC71hLQt7uXCMOpAuldW/auhK+mdmmu
QBoN3qLMGE2kcqwX+/9FUhslr7ovRMI2jY74LcXLp0RtF/6iYOEUQQrF8hMLFang
VdRAQnnr5PxfOPSv3MofUqjK+6NXEmlk0cDtmvQ61yRvHPsGsnqyThVaaU/STeYk
YU9OFbh8qkKxWzz8hnFgRNFsXmoMQB9xu7UCAwEAAaN1MHMwDAYDVR0TAQH/BAIw
ADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE
FN3dCB5+W4JEIa9YxxqQxXBN7asgMB8GA1UdIwQYMBaAFB/2bDdL/YniFhAWojXz
nswT/GvyMA0GCSqGSIb3DQEBCwUAA4IBAQABKi/Hn1SxtFoZmYeDIc64+9wUUg4+
cxzvj/MKePY6Q2RMQurlzUHiK7zZbjJMSibEgWDVVncpCW+bNEJwh/tOab6uwKy7
jMvu1bAdZCKThxpGSIG9yRwSbKaJfOFwGbcZHthAHTlWe1JjU7+HIsfwJSmZl4EV
elN6Kk9cTEcOHYmVUKUSBViEtvc07iYLUoL8rapR/mctx8sShg5ZjWFbZnHJHBRu
SEESFZbDbTIEax4v9QEWQjsg6umZH6SjH+4BJcl3pP8C9vsAywNH6yCO9MdTVl/Q
cOCy3Eqt5ulPbtZmR70HGn0SWh04Whey+/XdFLgb/A2Jc2HMeNwFLl76
-----END CERTIFICATE-----

Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/pki.py", line 813, in <module>
    generate_certificate_sign(args.certificate, args.sign, install=args.install, file=args.file)
  File "/usr/libexec/vyos/op_mode/pki.py", line 483, in generate_certificate_sign
    print(encode_private_key(private_key, passphrase=passphrase))
  File "/usr/lib/python3/dist-packages/vyos/pki.py", line 84, in encode_private_key
    return private_key.private_bytes(
AttributeError: 'NoneType' object has no attribute 'private_bytes'

Same error received when passphrase provided.

Successful when install name is provided:

vyos@vyos:~$ generate pki certificate sign root_ca install ipsec-server
Do you already have a certificate request? [y/N] y
Paste certificate request and press enter:
MIICsjCCAZoCAQAwXDELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUx
EjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEVMBMGA1UEAwwMaXBz
ZWMtc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSVC5Gro
fn5rFPN6GBnKGtJjTi3oXIDHFy86NKEC5EUUyO8B0j9ytdGrib8HTC3QYmP8O4qv
+2oM9KwILk+dDOdFH9BzZUOWJ9z7LixBPdoMPMLxgqy5Rgz7pOBJfs9W9WZQJ7px
flUntyC1jFpAMLvWEtC3u5cIw6kC6V1b9q6Er6Z2aa5AGg3eoswYTaRyrBf7/0VS
GyWvui9EwjaNjvgtxcunRG0X/qJg4RRBCsXyEwsVqeBV1EBCeevk/F849K/cyh9S
qMr7o1cSaWTRwO2a9DrXJG8c+wayerJOFVppT9JN5iRhT04VuHyqQrFbPPyGcWBE
0WxeagxAH3G7tQIDAQABoBEwDwYJKoZIhvcNAQkOMQIwADANBgkqhkiG9w0BAQsF
AAOCAQEAukqy1h6xeM02w8r5wXxOLW82VFkUzhv8lVh3OCV1fa3fKuLgAVCJqdDq
O5BLVbovrhInjU5YJot+Yz85+pbcG4/05GH0rKPJkleuOFads4qSIQFAbiYq1wwr
iqTXDU7iLQDGZJvXAw26GuQ/OElqHGrY6Q6Cq4IG9a+bgdfLBOYKKBwKehwQ+Un7
/Ihp+5mhvezt+5cIdDlvYfoSFoxj87p13229ticALidBdnb660ZRqj6hao/VWBPR
HAvpWp2C+2w3nMpWYCFv8L/O8WzyGZ0BAbzIYxQfinqYaHZ8bHrfeQWS35g4tM4Y
3TZ5y945oD2+6Zj2VxMAII6HQvrPxw==

Enter how many days certificate will be valid: (Default: 365)
Enter certificate type: (client, server) (Default: server) server
Note: If you plan to use the generated key on this router, do not encrypt the private key.
Do you want to encrypt the private key with a passphrase? [y/N] N
You are not in configure mode, commands to install manually from configure mode:
set pki certificate ipsec-server certificate 'MIIDtjCCAp6gAwIBAgIURNhTCUy/r9g/UihWEffEGzFlPV8wDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHcm9vdF9jYTAeFw0yMTExMjkxMTU1NTVaFw0yMjExMjkxMTU1NTVaMFwxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxFTATBgNVBAMMDGlwc2VjLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMElQuRq6H5+axTzehgZyhrSY04t6FyAxxcvOjShAuRFFMjvAdI/crXRq4m/B0wt0GJj/DuKr/tqDPSsCC5PnQznRR/Qc2VDlifc+y4sQT3aDDzC8YKsuUYM+6TgSX7PVvVmUCe6cX5VJ7cgtYxaQDC71hLQt7uXCMOpAuldW/auhK+mdmmuQBoN3qLMGE2kcqwX+/9FUhslr7ovRMI2jY74LcXLp0RtF/6iYOEUQQrF8hMLFangVdRAQnnr5PxfOPSv3MofUqjK+6NXEmlk0cDtmvQ61yRvHPsGsnqyThVaaU/STeYkYU9OFbh8qkKxWzz8hnFgRNFsXmoMQB9xu7UCAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFN3dCB5+W4JEIa9YxxqQxXBN7asgMB8GA1UdIwQYMBaAFB/2bDdL/YniFhAWojXznswT/GvyMA0GCSqGSIb3DQEBCwUAA4IBAQAAsTpou/J+ldjOA23mJuiINaD989B/ve1nCglPnxZEtOjlZDab8ECTKi5TKChIljT4D5MVPiRhxSzDQi5fjb04D9pzAclxeizFAv3Ev6sfY+FDT4ZZzlepEOgCdslZPfA2gctgl7TogBwdqos5fbbDcBxQLgJs/3NZe5YMJpeSPG+qacpm4HXJnH0seDG9BS8iFxjm0IzC7O0czQBwNEfWSl/+mN9s9Tm62uS7cB/ehjLzIA28O3MySzGd+k/GrxhTwEE80BuzQcC23BCSHUseMeYr+qFiNXPCXJqwGaWNtW29G0XUGQW82jOaXykPBxPBeUOXC2oZ3b5q8HRtm7QE'

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202111281249
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)