IoT Cloud Certificate creation issue #10

Open
@a1ext

Hi, I'm trying to register my new Portenta X8 with Arduino IoT Cloud. I gave it the API key, but it fails, reporting some strange errors like the following (in the browser):

error: "unable to load certificate\n548482407496:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE\n"

I started digging into the problem; it seems like it is in the provisioner container.

  • it successfully gets an access_token from the given API keys
  • it successfully registers a new device in the inventory (/iot/v2/devices request), so I get a UUID
  • it successfully generates the CSR
  • it FAILS on the attempt to submit the new CSR (PUT "${API_URL}/iot/v2/devices/${DEVICE_ID}/certs" request). The error I see is the following:
{"id":"UdUtHwDG","code":"precondition_failed","status":412,"detail":"\u0026{context.Background.WithValue(goa.key, *goa.adapter).WithCancel.WithValue(goa.key, *goaarduinologger.adapter).WithValue(app.authMiddlewareKey, goa.Middleware).WithValue(goa.key, DevicesV2CertsController).WithValue(goa.key, create).WithValue(goa.key, *goa.ResponseData).WithValue(goa.key, *goa.RequestData).WithValue(goa.key, *goaarduinologger.adapter).WithValue(goa.key, *goaarduinologger.adapter).WithValue(middleware.middlewareKey, Pd9XOJxO2Z-728649).WithValue(logging.loggerKeyType, *logrus.Entry).WithValue(goa.key, *goaarduinologger.adapter).WithValue(auth-approved-by, JWTAuthenticator[HMACIssuer]).WithValue(auth-subject, *auth.User).WithValue(auth-params, auth.Params).WithValue(goa.key, []string) 0xc026364580 0xc0218c01e0 d48cc278-845d-4143-b798-1f4d6580dbdc 0xc0218c0200}","meta":{"CA KEY Arduino not available":"MISSING"}}

So the error states CA KEY Arduino not available, but it is hardcoded here https://github.com/arduino/portenta-containers/blob/main/arduino-iot-cloud-provisioning/provisioning.sh#L171

    DEVICE_CERT=$(curl --silent --location                                                     \
                       --request PUT "${API_URL}/iot/v2/devices/${DEVICE_ID}/certs"            \
                       --header "Accept: application/json"                                     \
                       --header "Content-Type: application/json"                               \
                       --header "X-Organization: ${ORG_ID}"                                    \
                       --header "Authorization: Bearer ${ACCESS_TOKEN}"                        \
                       --data-raw "{\"ca\":\"Arduino\",\"csr\":\"${CSR}\",\"enabled\":true}" | \
                  jq .pem | tr -d '"')
    if [ $? -ne 0 ] || [ -z "$DEVICE_CERT" ] || [ "$DEVICE_CERT" == "null" ]; then
        echo -e $FAILURE
        return 1
    fi

So that request fails and /tmp/device-certificate.pem becomes empty, which will later cause the initial error error: "unable to load certificate\n548482407496:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE\n"
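
An added example, not the project's code: one way the request step quoted above could stop at the API error instead of passing an empty file on to openssl, whose "no start line" message means the PEM `-----BEGIN` line is missing. Both function names are hypothetical; it assumes the success response carries the certificate in `.pem` (as the quoted `jq .pem` implies) and that curl and jq are installed.

```bash
# Added example. Variable names follow the snippet above; function names are hypothetical.

# Classify an HTTP status plus the extracted .pem value.
# Returns 0 if usable, 1 for a non-2xx status, 2 if the body has no PEM start/end line.
check_cert_response() {
    local status="$1"
    local pem="$2"
    case "$status" in
        2[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    case "$pem" in
        "-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----"*) return 0 ;;
        *) return 2 ;;
    esac
}

# Submit the CSR, keep status and body separate, write the PEM file only on success.
request_device_cert() {
    local body status pem
    body=$(mktemp) || return 1
    status=$(curl --silent --location \
                  --request PUT "${API_URL}/iot/v2/devices/${DEVICE_ID}/certs" \
                  --header "Accept: application/json" \
                  --header "Content-Type: application/json" \
                  --header "X-Organization: ${ORG_ID}" \
                  --header "Authorization: Bearer ${ACCESS_TOKEN}" \
                  --data-raw "{\"ca\":\"Arduino\",\"csr\":\"${CSR}\",\"enabled\":true}" \
                  --output "$body" --write-out '%{http_code}')
    # -r prints the raw string; "// empty" turns a missing or null .pem into no output.
    pem=$(jq -r '.pem // empty' "$body" 2>/dev/null)
    if ! check_cert_response "$status" "$pem"; then
        # Show the API's own error fields (code, status, meta) at the point of failure.
        echo "certificate request failed (HTTP ${status}):" >&2
        jq -c '{code, status, meta}' "$body" >&2 2>/dev/null || cat "$body" >&2
        rm -f "$body"
        return 1
    fi
    rm -f "$body"
    printf '%s\n' "$pem" > /tmp/device-certificate.pem
}

# Constructed input: the 412 reply in the issue has no .pem field, so pem is empty.
check_cert_response 412 "" || echo "rejected before writing the file, rc=$?"
```
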
