AnkitSinghalSPECIALCLOUD-3945 asked StephenDolenc-3395 edited

AME Root CA is not a trusted authority in Azure VMs

We are facing an issue with Azure VMs: the AME Root certificate is not added as a trusted authority in the Azure VMs, and hence the certificate load fails when we try to load the valid certs from the local store.

Background:
As part of the certificate management and auto-rotation we have to change the certificate issuers to AME (because in AAD and Geneva, AME is the trusted authority and for allowlisting the certificate based on subject names the cert should be issued by AME).
Also the certificate is installed in the VM but its Root certificate is not installed.

Now, when we try to get the certificate by passing the validOnly flag as true, the certificate load fails:

```csharp
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, certificateSubject, true);
```

However, after installing the Root CA manually and using the same call, the certificate is loaded as expected.

Ask:
Can we please check why AME Root is not allowed as the trusted issuer and what is needed to add it as the trusted one in all VMs?

azure-virtual-machines-images
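
A diagnostic for the failure described in the question, added here as an example and not part of the original post: it repeats the lookup with validOnly set to false and builds the chain explicitly, so the status flags show why the validOnly lookup would drop the certificate. The subject DN is a constructed placeholder, and the LocalMachine\My store and the default X509Chain policy are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class CertChainDiagnostics
{
    // Placeholder subject DN (constructed); replace with the DN your service looks up.
    const string CertificateSubject = "CN=example-service.contoso.test";

    static void Main()
    {
        // Assumption: the certificate is in LocalMachine\My; the page only says "local store".
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly: false returns the certificate even when its chain does not
            // validate, so it can be inspected. Use this for diagnosis only.
            X509Certificate2Collection candidates = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, CertificateSubject, false);

            if (candidates.Count == 0)
            {
                Console.WriteLine("No certificate with that subject DN is in the store.");
                return;
            }

            foreach (X509Certificate2 cert in candidates)
            {
                Console.WriteLine($"{cert.Subject} [{cert.Thumbprint}] NotAfter={cert.NotAfter:u}");
                using (var chain = new X509Chain())
                {
                    // Default chain policy; assumed here to approximate the validOnly filter.
                    bool valid = chain.Build(cert);
                    Console.WriteLine($"  chain valid under default policy: {valid}");

                    // Each element is a certificate the chain engine managed to locate.
                    foreach (X509ChainElement element in chain.ChainElements)
                        Console.WriteLine($"  element: {element.Certificate.Subject}");

                    // UntrustedRoot: the root was found but is not in Trusted Root.
                    // PartialChain: an issuer certificate could not be located at all.
                    foreach (X509ChainStatus status in chain.ChainStatus)
                        Console.WriteLine($"  {status.Status}: {status.StatusInformation?.Trim()}");
                }
            }
        }
    }
}
```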

@AnkitSinghalSPECIALCLOUD-3945

This issue needs deeper investigation. The support team will be able to check and help on this. I would recommend you open an Azure support case.

Also, once you get the issue fixed, request you to reply back here on the thread with the resolution steps for the benefit of the community.


I'm encountering the same problem. How did you manually add AME Root as a trusted Root CA? I'm specifically wondering how to get the .crt file of the AME Root Authority.


0 Answers