Enable Certificate download (.cer & .pfx) by nchapagain001 · Pull Request #648 · microsoft/VirtualClient

nchapagain001 · 2026-03-01T01:59:43Z

This PR adds a feature in bootstrap subcommand (&CertificateInstallation) to allow it to download certificate.

Removes ability to parse tenantId implicitly.

website/docs/guides/0010-command-line.md

Signed-off-by: Nirjan Chapagain <165215502+nchapagain001@users.noreply.github.com>

brdeyo · 2026-03-05T18:01:24Z

src/VirtualClient/VirtualClient.Main/profiles/BOOTSTRAP-CERTIFICATE.json

-        "AccessTokenPath": "$.Parameters.LogFileName"
+        "AccessTokenPath": "$.Parameters.LogFileName",
+        "CertificateInstallationDir": "$.Parameters.CertificateInstallationDir",
+        "WithPrivateKey": "$.Parameters.WithPrivateKey"


No need to make a distinction. We have no scenarios where downloading a public key certificate is required for customer scenarios. Just assume the private key download.

brdeyo · 2026-03-05T18:02:47Z

src/VirtualClient/VirtualClient.Main/profiles/BOOTSTRAP-CERTIFICATE.json

        "CertificateName": "$.Parameters.CertificateName",
        "AccessToken": "$.Parameters.AccessToken",
-        "AccessTokenPath": "$.Parameters.LogFileName"
+        "AccessTokenPath": "$.Parameters.LogFileName",


Naming: AccessTokenFilePath. It is longer but also more clear.

brdeyo · 2026-03-05T18:04:28Z

src/VirtualClient/VirtualClient.Main/profiles/BOOTSTRAP-CERTIFICATE.json

@@ -14,9 +16,10 @@
        "KeyVaultUri": "$.Parameters.KeyVaultUri",


Note that I am doing some rework on the original implementation for Key Vault integration. It did not follow the patterns closely enough as we have for other types of stores (e.g. package, content, Event Hub). Because it didn't, it pushed wonky code choices/requirements downstream that are junking up the code.

We will need to converge together in the coming days to merge our changesets into something harmonious.

brdeyo · 2026-03-05T18:07:25Z

src/VirtualClient/VirtualClient.Core/Identity/CertificateLoaderHelper.cs

@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+namespace VirtualClient.Identity


I don't think we will need this class. This source code should just be located in the Component that is using it. If it is used in more than 1 Component, we should just use extension methods. The source code location/folder is fine. Maybe a CertificateManagerExtensions class.

Nirjan Chapagain added 6 commits February 27, 2026 13:26

main changes

b94ec7c

Minor fix

6fb81c4

Allowing cert to be exported even after loading.

02a029a

Adding doc

39bf1f0

Adding ut

b5a8e35

Adding comments

50aff11

brdeyo requested changes Mar 2, 2026

View reviewed changes

website/docs/guides/0010-command-line.md Outdated Show resolved Hide resolved

Nirjan Chapagain and others added 3 commits March 2, 2026 14:34

Addressing PR comments

3db2a7d

UT fix

989f114

Merge branch 'main' into users/nchapagain/EnableCertDownload

f991c10

Copilot AI mentioned this pull request Mar 3, 2026

Rename cert CLI options to follow kebab-case naming convention #650

Closed

nchapagain001 enabled auto-merge (squash) March 3, 2026 00:38

microsoft deleted a comment from Copilot AI Mar 3, 2026

nchapagain001 requested a review from brdeyo March 3, 2026 01:12

Nirjan Chapagain added 8 commits March 2, 2026 21:05

main changes

c3a9d24

Minor fix

032fb2b

Allowing cert to be exported even after loading.

18ccb60

Adding doc

340cfc6

Adding ut

fa57893

Adding comments

51a4e62

Addressing PR comments

cb9d335

UT fix

08a9050

nchapagain001 force-pushed the users/nchapagain/EnableCertDownload branch from f991c10 to 08a9050 Compare March 3, 2026 05:05

nchapagain001 disabled auto-merge March 3, 2026 05:05

RakeshwarK approved these changes Mar 3, 2026

View reviewed changes

Nirjan Chapagain added 2 commits March 3, 2026 10:04

public -> protected

e8e3ced

foo

9ae2ef0

nchapagain001 enabled auto-merge (squash) March 4, 2026 16:27

nchapagain001 added 2 commits March 4, 2026 16:25

Merge branch 'main' into users/nchapagain/EnableCertDownload

7c004c1

Merge branch 'main' into users/nchapagain/EnableCertDownload

2236a50

Signed-off-by: Nirjan Chapagain <165215502+nchapagain001@users.noreply.github.com>

Fixing profile

3e24550

brdeyo requested changes Mar 6, 2026

View reviewed changes

nchapagain001 disabled auto-merge March 13, 2026 18:59

nchapagain001 marked this pull request as draft March 16, 2026 00:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable Certificate download (.cer & .pfx)#648

Enable Certificate download (.cer & .pfx)#648
nchapagain001 wants to merge 22 commits intomainfrom
users/nchapagain/EnableCertDownload

nchapagain001 commented Mar 1, 2026 •

edited

Loading

Uh oh!

Uh oh!

brdeyo Mar 5, 2026

Uh oh!

brdeyo Mar 5, 2026

Uh oh!

brdeyo Mar 5, 2026

Uh oh!

brdeyo Mar 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

		@@ -14,9 +16,10 @@
		"KeyVaultUri": "$.Parameters.KeyVaultUri",

Conversation

nchapagain001 commented Mar 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

brdeyo Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

brdeyo Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

brdeyo Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

brdeyo Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

nchapagain001 commented Mar 1, 2026 •

edited

Loading