account:setup:ci Certificate Conditions documentation generates unusable certificates #997

@nemchik

Select the SuiteCloud tool where you encountered the issue

SuiteCloud CLI

Version of the SuiteCloud Tool

"@oracle/suitecloud-cli": "3.1.2"

Operating system

Windows 11 25H2 with WSL Ubuntu 24.04.4 LTS

Node Version / VSCode Version

v24.14.0 (v22.22.1 was also tested, both versions are LTS)

JAVA Version

java 21.0.10+8-LTS-217

Bug description

The documentation for account:setup:ci links to Certificate Conditions, which supplies commands for creating certificates as follows:

ES256

openssl req -new -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve -nodes -days 365 -out public.pem -keyout private.pem

ES512

openssl req -new -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp521r1 -pkeyopt ec_param_enc:named_curve -nodes -days 365 -out public.pem -keyout private.pem

RSA - PSS

openssl req -new -x509 -newkey rsa:4096 -keyout private.pem -sigopt rsa_padding_mode:pss -sha256 -sigopt rsa_pss_saltlen:64 -out public.pem -nodes -days 365

However, attempting to use certificates generated with these options results in an error message:

There was an error with the private key used to authenticate. Verify the contents of the private key.

I have tried using Win64 OpenSSL v3.6.1 Light as well as the openssl command in Ubuntu 24.04.4 LTS via WSL. I have confirmed that neither line endings (CRLF/LF) nor the presence or absence of trailing newlines in the file affects the outcome.

I have tested this in GitHub Actions and locally via WSL, and I have set SUITECLOUD_CI=1 and SUITECLOUD_CI_PASSKEY=a_32_to_100_character_string in both environments with the same result.

Steps To Reproduce

  1. Generate a certificate with one of the 3 commands above (per the documentation)
  2. Upload the public key in the OAuth 2.0 Client Credentials Setup by choosing SuiteCloud Development Integration in the Application field and selecting the entity and role to map
  3. Note the Certificate ID to be used
  4. Run suitecloud account:setup:ci --account <myAccountId> --authid <myAuthId> --certificateid <myCertificateId> --privatekeypath private.pem
  5. Receive the error message

    There was an error with the private key used to authenticate. Verify the contents of the private key.

Actual Output

There was an error with the private key used to authenticate. Verify the contents of the private key.

Expected Output

The authentication was successful with the following account and role: <myCompany> [<myOAuthRole>]. This project will use the authentication ID "<myAccountId>" as default.
The account has been successfully set up.

Ideally, to resolve the issue, the documentation for Certificate Conditions should be updated to provide example commands that do not cause this issue.

Anything else?

Using the following command to generate a certificate works without issue:

openssl req -x509 -newkey rsa:4096 -sha256 -keyout private.pem -out public.pem -noenc

Ref: #834 (comment)
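
A triage aid for the error reported above, added here as an example and not part of the original issue or of SuiteCloud CLI: it reports the PEM container and algorithm OID of `private.pem` (PKCS#8) or `public.pem` (X.509), so the output of the documented commands can be compared with that of the working one. The function names and the constructed sample key skeleton are assumptions, and the script does not determine which property the CLI rejects.

```python
import base64, re, sys

OIDS = {  # standard OIDs for key types and signature algorithms these commands can produce
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.10": "RSASSA-PSS",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.2.1": "id-ecPublicKey",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value bytes, offset of next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def oid_str(raw):  # DER OBJECT IDENTIFIER content bytes -> dotted notation
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def describe(pem_text):
    """Return (PEM label, algorithm) for a PKCS#8 key or X.509 certificate."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return ("no PEM block", None)
    label, der = m.group(1), base64.b64decode(m.group(2))
    if label not in ("PRIVATE KEY", "CERTIFICATE"):
        return (label, None)  # e.g. ENCRYPTED PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY
    _, body, _ = tlv(der, 0)    # outer SEQUENCE
    _, _, pos = tlv(body, 0)    # skip version (key) or tbsCertificate (certificate)
    _, alg, _ = tlv(body, pos)  # AlgorithmIdentifier SEQUENCE
    dotted = oid_str(tlv(alg, 0)[1])
    return (label, OIDS.get(dotted, dotted))

def sample_key_pem(oid):
    """Constructed PKCS#8 skeleton, not a usable key: SEQUENCE{INTEGER 0, SEQUENCE{OID}, OCTET STRING}."""
    body = b"\x02\x01\x00" + bytes([0x30, len(oid) + 2, 0x06, len(oid)]) + oid + b"\x04\x01\x00"
    der = bytes([0x30, len(body)]) + body
    return "-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(der).decode() + "\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, *describe(open(path).read()))
```

Run it with the paths of the generated files as arguments, for example `private.pem public.pem` from each command in turn.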
