Azure CLI login not working , error- HTTPSConnectionPool(host=’login.microsoftonline.com’, port=443)

Error – HTTPSConnectionPool(host=’login.microsoftonline.com’, port=443): Max retries exceeded with url: /common/oauth2/devicecode?api-version=1.0 (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))

Why?

First time i saw this error on one of my vdi desktop and first thing i checked is portal.azure.com and powershell login with connect-azaccount and both were working fine. i was trying CLI as i wanted to test terraform from my machine and terraform only support CLI login.

Azure CLI is open source and built on Python which offers good cross-platform capabilities compare to PS. The cool thing about Azure CLI is that you can use it with pretty much all known platforms like macOS, Windows and Linux.

There are 2 different scenarios where you might face this issue

1> if the vm/machine is behind proxy or incorrect proxy set of vm.

2> if you have self-signed certificate on vm/machine.

Solutions-

if you dont know why you are facing the issue then i would suggest to set proxy as well as certificate in the CLI trusted certificate.

Below are the steps to do so:

1> set proxy to correct value or blank

set HTTPS_PROXY=http://proxy.jgr.cc
set HTTPS_PROXY=http://proxy.jgf.cc:80

OR 

set HTTPS_PROXY=
set HTTPS_PROXY=

2> setting up self-signed certificate OR CA certificate in CLI cacert.pem

Get the self-sign certificate OR CA certificate and store it in. convert it to .pem so that you can open it in notepad and append the content at the end of “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem”
Certutil can be used to convert .cer to .pem on windows as below:


certutil -encode c:\cert\root.cer c:\cert\root.pem

once you have .pem file then simply open it in notepad and copy the contend and append it at the end of “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem”


(Visited 4 times, 1 visits today)

By Arun Sabale

Arun is a Solution Architect on enterprise client management with more than 14 years of experience in IT. Arun Sabale is Blogger and tech enthusiast. His main focus is on Azure cloud infra, Cloud automation with powershell, python, ARM terraform and all cloud infra services like compute, storage, network, automation, function api etc... LinkedIN - https://www.linkedin.com/in/arun-sabale/