To resolve this issue, provide the intermediate and root certificates by passing the certificate bundle file's path to the ca_certs key in the pluginConfig

Question

To resolve this issue, provide the intermediate and root certificates by passing the certificate bundle file's path to the ca_certs key in the pluginConfig

Opened this issue a year ago · 1 comments

Hi,
I am trying out Notary.
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/container-registry/container-registry-tutorial-sign-build-push.md
following the link

when I run this command
notation sign --signature-format cose --key $KEY_NAME $IMAGE

I get the below error.

Error: generate-signature command failed: VALIDATION_ERROR: Failed to build the X509 chain up to the root certificate. The provided certificate bundle either does not match or does not contain enough certificates to build a complete chain. To resolve this issue, provide the intermediate and root certificates by passing the certificate bundle file's path to the ca_certs key in the pluginConfig

can you please let me know how to fix it. I don't see pluginConfig in
/root/.config/notation

Answer 1 · 2023-06-21T01:34:05.000Z

@lohithabc Thanks for reporting this issue. This issue is related to Notation CLI and Notation plugin, so would you mind moving this issue to Notationrepo?

We also need more information from you:

Notation and Notation AKV plugin version

We had similar bug before, so please make sure you are using the latest version of Notation AKV plugin