Getting CannotParseValidCertificateFromRIRPage when trying to provision BYOIP in Azure

Patrick Pouw 5 Reputation points
2023-01-17T15:21:30.5833333+00:00

Hi,

We are trying to bring our own IP range which is managed by RIPE to Azure.

I've followed all steps at [https://video2.skills-academy.com/en-us/azure/virtual-network/ip-services/create-custom-ip-address-prefix-portal

But I'm getting a CannotParseValidCertificateFromRIRPage error when trying to provision the range.

I've triple checked all configuration and even re-did it thrice just to make sure i did'nt make an error.

This is my inetnum record at RIPE with the certificate in the remarks field (triple checked to make sure i have no additional spaces and the begin and end headers are there)

2023_01_17_16_08_06_Webupdates_RIPE_Network_Coordination_Centre

I've create a ROA document to authorize Microsoft with Origin AS as 8075

At RIPE you can't configure a validity end date of the ROA so from the docs i should choose one myself in the request and made sure that matches on both ends (in the certificate and in the signed message in Azure)

Does anyone here have any experience with this or had the same error and managed to fix it?

The BYOIP feature is fairly new and other then this page describing the error [https://video2.skills-academy.com/en-us/azure/virtual-network/ip-services/manage-custom-ip-address-prefix there is nothing to be found on the internet about this topic.

Thanks!

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,401 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
502 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SaiKishor-MSFT 17,231 Reputation points
    2023-01-17T20:54:18.06+00:00

    @Patrick Pouw Thanks for reaching out to Microsoft Q&A.

    As per documentation, the reason for the error that you are receiving is-

    CannotParseValidCertificateFromRIRPage - Can't parse the public key for the IP prefix using the registration data access protocol (RDAP) of the regional internet registry (RIR).

    I understand that you have already verified that the config is correct, however, since the error message indicates that there is a parsing issue, I would re-check the steps and confirm that the Public Key for the IP Prefix is correct.

    Please go through the steps, especially. the Certificate Readiness. If this does not help, please reach out to Azure Support directly to verify the issue. Hope this helps.

    Please let us know if you have any more questions and we will be glad to assist you further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is [how][1].

    Want a reminder to come back and check responses? Here is [how][2] to subscribe to a notification.

    0 comments
  2. Lukas Becker 0 Reputation points
    2024-08-22T14:32:55.8233333+00:00

    Did you solved the issue?

    I have exactly the same thing. Checked and my records on RIPE are correct, but still getting CannotParseValidCertificateFromRIRPage.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.