Azure sdk for Go - accessing azure classic api with cert using go


New to Go - first task I’m putting it to use for is to query for information from the older Azure ‘classic’ api, a.k.a Azure Service Management API.

MS made an SDK to use Go with azure:

I’ve successfully used it to call the ARM azure api (new/current model) but I have a need to hit the older classic api. I see the sdk supports this here:

^ thats shows several packages specifically for ‘classic’. The issue I’m having is that for ARM, I provide essentially what is an api id and key, which there are examples for as it’s the most common use, however for these classic packages I must use a certificate. I have the certificate which was made on windows (a .cer file which has public key and is uploaded to azure, and a .pfx file which contains the private key and is on my local machine). I can’t find examples anywhere on how I am supposed to actually use this certificate to authenticate to azure.

From the previous link I assume I start in this package:

which has a function with this signature:
func NewClient(subscriptionID string, managementCert []byte) (Client, error)


I have no idea how to get from where I am now, having a pfx file, to correctly calling this function? I see it takes the cert as a byte slice, but I don’t know if the pfx is in the right format to begin with and/or how to get it into a byte slice?

Any help/guidance would be much appreciated.


For others that may come across this:

  1. I used openssl to convert the pfx file into a pem file that contained both the public and private keys. In my case I used windows subsystem for linux (ubuntu on bash) for easier access to the openssl tool. Accessing the pfx already on my windows file system FROM the linux subsystem is safe/fine, but not the other way around. In other words, using openssl from linux subsystem to do the conversion of the file on the windows filesystem is fine, the linux tools can write to the windows filesystem without issue using the /mnt/c mount (or /mnt/d, /mnt/e etc). However you cannot use windows tools to edit files on the linux file system.

  2. Then, code like so to get going, this initial client gets used as input to creating the other service specific clients:
    Your imports will need the classic/management line like so:
    import “

     subID := "your azure subscription id"
     certBytes, err := ioutil.ReadFile("/util/ForAzureClassic.pem")
     if err != nil {
     classicClient, err := management.NewClient(subID, certBytes)
     if err != nil {

Now that classicClient variable gets used when creating service specific clients, like for vnets, or virtual machines, etc…

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.