Azure CLI login not working , error- HTTPSConnectionPool(host=’login.microsoftonline.com’, port=443)

How To

 

Azure CLI login not working , error- HTTPSConnectionPool(host=’login.microsoftonline.com’, port=443)

 

Error – HTTPSConnectionPool(host=’login.microsoftonline.com’, port=443): Max retries exceeded with url: /common/oauth2/devicecode?api-version=1.0 (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))

 

 

Why?

First time i saw this error on one of my vdi desktop and first thing i checked is portal.azure.com and powershell login with connect-azaccount and both were working fine. i was trying CLI as i wanted to test terraform from my machine and terraform only support CLI login.

Azure CLI is open source and built on Python which offers good cross-platform capabilities compare to PS. The cool thing about Azure CLI is that you can use it with pretty much all known platforms like macOS, Windows and Linux.

There are 2 different scenarios where you might face this issue

1> if the vm/machine is behind proxy or incorrect proxy set of vm.

2> if you have self-signed certificate on vm/machine.

Solutions-

if you dont know why you are facing the issue then i would suggest to set proxy as well as certificate in the CLI trusted certificate.

Below are the steps to do so:

1> set proxy to correct value or blank

set HTTPS_PROXY=http://proxy.jgr.cc
set HTTPS_PROXY=http://proxy.jgf.cc:80

OR 

set HTTPS_PROXY=
set HTTPS_PROXY=

2> setting up self-signed certificate OR CA certificate in CLI cacert.pem

Get the self-sign certificate OR CA certificate and store it in. convert it to .pem so that you can open it in notepad and append the content at the end of “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem”
Certutil can be used to convert .cer to .pem on windows as below:


certutil -encode c:\cert\root.cer c:\cert\root.pem

once you have .pem file then simply open it in notepad and copy the contend and append it at the end of “C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem”


(Visited 23 times, 1 visits today)