Get-GOAuthenticationService Issue #59
Comments
|
Hey Ryan, Did you pass in a certificate file with filepath/password, or a CertificateObj? Did you update the certificate in MacOS, or are you just it directly from the Google project? |
|
That is correct, I passed the certificate file with a file path/password.
I’m not entirely sure what the second sentence means. I’m storing the
certificate in a Google Drive which the macOS computer pulls from. I
tested that Cert on another computer running macOS 14.3.1 (same Powershell
version) and it works just fine.
RYAN ELMER | Director of Information Security
***@***.***
952.658.7763 Direct | 952.451.5081 Cell
19011 Lake Drive East | Chanhassen, MN 55317
[image: The Bernard Group 2023 logo] <https://thebernardgroup.com/>
[image: The Bernard Group 2023 Ecovadis Pattern]
<https://thebernardgroup.com/social-responsibility/>
…On Mar 13, 2024 at 11:57:23 AM, Kyle Weeks ***@***.***> wrote:
Hey Ryan,
Did you pass in a certificate file with filepath/password, or a
CertificateObj? Did you update the certificate in MacOS, or are you just it
directly from the Google project?
—
Reply to this email directly, view it on GitHub
<#59 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AZKXHABR7GNDDTDVQSXOUK3YYCAPHAVCNFSM6AAAAABEUNOSQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOJUHE4TAMJRGE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
NOTICE: The information contained in this email is legally
privileged and
confidential information for the sole use of the intended
recipient. Any use,
distribution, transmittal or re-transmittal of
information contained in this
email by persons who are not intended
recipients may be a violation of law
and is strictly prohibited. If you are
not the intended recipient, please contact
sender and delete all copies.
|
|
Ah, I use openSSL to unpack and update the password on the certificate pair downloaded from the Google Project since the password is a default well known password. I wasn't sure if you were using any of the key management utilities from MacOS / XCode to modify those settings as the error referenced is specific to the MacOS KeyChain. "OSStatus error -67738 - CSSM Exception: -2147415780 CSSMERR_CSP_INVALID_KEYATTR_MASK" -> As best I can tell the CSSM cannot decode the certificate (technically, or access denied). It may be referenced in a bad keyChain entry locally to your system, or is having parsing issues with the password used. You know the certificate and module are working on another flavor of MacOS, and sorry I can't troubleshoot much more from here. |
|
I confirmed that this is an upstream .net issue and will impact any of
your users who upgrade to macOS Sonoma 14.4
dotnet/runtime#99735
RYAN ELMER | Director of Information Security
***@***.***
952.658.7763 Direct | 952.451.5081 Cell
19011 Lake Drive East | Chanhassen, MN 55317
[image: The Bernard Group 2023 logo] <https://thebernardgroup.com/>
[image: The Bernard Group 2023 Ecovadis Pattern]
<https://thebernardgroup.com/social-responsibility/>
…On Mar 13, 2024 at 5:36:19 PM, Kyle Weeks ***@***.***> wrote:
Ah, I use openSSL to unpack and update the password on the certificate
pair downloaded from the Google Project since the password is a default
well known password. I wasn't sure if you were using any of the key
management utilities from MacOS / XCode to modify those settings as the
error referenced is specific to the MacOS KeyChain. "OSStatus error -67738
- CSSM Exception: -2147415780 CSSMERR_CSP_INVALID_KEYATTR_MASK" ->
As best I can tell the CSSM cannot decode the certificate (technically, or
access denied). It may be referenced in a bad keyChain entry locally to
your system, or is having parsing issues with the password used.
You know the certificate and module are working on another flavor of
MacOS, and sorry I can't troubleshoot much more from here.
—
Reply to this email directly, view it on GitHub
<#59 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AZKXHABIHAFCD44EZ5TNS5LYYDIGHAVCNFSM6AAAAABEUNOSQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOJWGAYDONZUGE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
NOTICE: The information contained in this email is legally
privileged and
confidential information for the sole use of the intended
recipient. Any use,
distribution, transmittal or re-transmittal of
information contained in this
email by persons who are not intended
recipients may be a violation of law
and is strictly prohibited. If you are
not the intended recipient, please contact
sender and delete all copies.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm receiving the following error from line "$null = $rsa.ImportParameters($rsaPrivate.ExportParameters($true))"
The operation couldn’t be completed. (OSStatus error -67738 - CSSM Exception: -2147415780 CSSMERR_CSP_INVALID_KEYATTR_MASK)
I have updated to UMN-Google module 2.0.2
I am experiencing the issue after updating to macOS Sonoma 14.4, it is still working on 14.3. Here is $PSVERSIONTABLE info
PSVersion : 7.4.1
PSEdition : Core
GitCommitId : 7.4.1
OS : Darwin 23.4.0 Darwin Kernel Version 23.4.0: Wed Feb 21 21:44:06 PST 2024; root:xnu-10063.101.15~2/RELEASE_ARM64_T8103
Platform : Unix
PSCompatibleVersions : System.Version[]
PSRemotingProtocolVersion : 2.3
SerializationVersion : 1.1.0.1
WSManStackVersion : 3.0
The text was updated successfully, but these errors were encountered: