SSLHandshake Error When Accessing KeyVault Using Private Endpoint


Okay, this might be a lengthy one.

So my objective is to fetch a secret from a KeyVault and print it in the console. It is a basic app that I am using to learn about Azure and Spring Boot.

So I created a KeyVault and saved a secret value in there. But I was getting endless SSL Handshake errors. So someone suggested that I need a Private Endpoint to fetch the resource on my local laptop. So I delved into it, read a lot of articles and guides. And now I am stuck in the same place. I still get SSL Handshake Errors.

I am on my company VPN and am trying via my company's proxy.

So here is what I did.

  1. I created a KeyVault and stored a secret key. I did my app registration in Azure Active Directory. I am using Vault based access for my key vault. My KeyVault looks like this.

Key Vault Overview

Then I created a Virtual Network. Whose details look like this:

Virtual Network

And the subnet page:

Subnets

Then on the KeyVault Networking page:

KeyVault Networking

And my Private Endpoint Page:

Private Endpoint

But with this setup I was getting ForbiddenByFirewall or something along those lines. So out of a hunch, I just added my local and proxy IP as the client IP on the Firewall section of the networking page.

And now I am back to getting SSL handshake errors. I am on the verge of giving up. It's been a week of reading and trying different things out.

My SpringBoot application properties look like this:

debug=false
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-id=My_CLIENT_ID
spring.cloud.azure.keyvault.secret.property-sources[0].credential.client-secret=MY-CLIENT_SECRET
spring.cloud.azure.keyvault.secret.property-sources[0].profile.tenant-id=MY_TENANT_ID
spring.cloud.azure.keyvault.secret.property-sources[0].endpoint=https://keyvault-demo-testing.vault.azure.net/
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.hostname=MY_COMPANY_PROXY
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.port=8080
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.password=password
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.username=anonymous
spring.cloud.azure.keyvault.secret.property-sources[0].proxy.type=HTTP
spring.cloud.azure.keyvault.secret.property-sources[0].client.connect-timeout=20000
spring.datasource.url=jdbc:postgresql://localhost:5432/postgres
spring.datasource.username=postgres
spring.datasource.password=temp123

And the error that I get is:

2023-06-28 19:52:07.449  INFO 17988 --- [  restartedMain] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2023-06-28 19:52:07.449  INFO 17988 --- [  restartedMain] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 2551 ms
2023-06-28 19:52:08.014  INFO 17988 --- [  restartedMain] AbstractAzureServiceClientBuilderFactory : Will configure the default credential of type DefaultAzureCredential for class com.azure.identity.DefaultAzureCredentialBuilder.
2023-06-28 19:52:08.227  INFO 17988 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer       : LiveReload server is running on port 35729
2023-06-28 19:52:08.232  INFO 17988 --- [  restartedMain] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 1 endpoint(s) beneath base path '/actuator'
2023-06-28 19:52:08.293  INFO 17988 --- [  restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
2023-06-28 19:52:08.349  INFO 17988 --- [  restartedMain] c.example.demo.KeyvaultDemoApplication   : Started KeyvaultDemoApplication in 13.215 seconds (JVM running for 14.61)
2023-06-28 19:52:08.422  INFO 17988 --- [  restartedMain] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2023-06-28 19:52:08.422 ERROR 17988 --- [  restartedMain] c.a.identity.WorkloadIdentityCredential  : WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/java/identity/workloadidentitycredential/troubleshoot
2023-06-28 19:52:08.440  INFO 17988 --- [  restartedMain] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential WorkloadIdentityCredential is unavailable.
2023-06-28 19:52:08.485  INFO 17988 --- [nPool-worker-19] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2023-06-28 19:52:08.727  INFO 17988 --- [nPool-worker-19] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential AzureDeveloperCliCredential is unavailable.
2023-06-28 19:52:08.791  INFO 17988 --- [nPool-worker-19] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2023-06-28 19:52:08.951 ERROR 17988 --- [nPool-worker-19] c.a.i.i.WindowsCredentialAccessor        : Element not found.
2023-06-28 19:52:08.952  INFO 17988 --- [nPool-worker-19] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential IntelliJCredential is unavailable.
2023-06-28 19:52:11.105  INFO 17988 --- [nPool-worker-19] com.azure.identity.AzureCliCredential    : Azure Identity => getToken() result for scopes [https://vault.azure.net/.default]: SUCCESS
2023-06-28 19:52:11.105  INFO 17988 --- [nPool-worker-19] c.azure.identity.ChainedTokenCredential  : Azure Identity => Attempted credential AzureCliCredential returns a token
2023-06-28 19:52:11.114  INFO 17988 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : {"az.sdk.message":"Acquired a new access token."}
2023-06-28 19:52:21.928 ERROR 17988 --- [  restartedMain] c.a.c.http.netty.NettyAsyncHttpClient    : io.netty.handler.ssl.SslHandshakeTimeoutException: handshake timed out after 10000ms
2023-06-28 19:52:21.939  WARN 17988 --- [ctor-http-nio-3] r.netty.http.client.HttpClientConnect    : [b9fc19b5, L:/135.75.71.239:64554 - R:keyvault-demo-testing.vault.azure.net/20.62.134.229:443] The connection observed an error

io.netty.handler.ssl.SslHandshakeTimeoutException: handshake timed out after 10000ms
        at io.netty.handler.ssl.SslHandler$7.run(SslHandler.java:2125) ~[netty-handler-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.concurrent.PromiseTask.runTask(PromiseTask.java:98) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:153) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569) ~[netty-transport-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.92.Final.jar:4.1.92.Final]
        at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
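One thing the log above already shows is which address the client actually connected to: the reactor-netty connection id reads `R:keyvault-demo-testing.vault.azure.net/20.62.134.229:443`, a public address. A private endpoint that is really in use resolves the vault name, through the privatelink DNS zone, to an address inside the VNet subnet, and the Key Vault firewall only governs the public endpoint. Separating DNS, the TCP/proxy CONNECT leg and the TLS handshake makes such a timeout much easier to attribute. The script below is an added diagnostic example, not code from the question or from the Azure SDK; it is written in Python because the check is at the socket layer rather than in Spring. It parses the question's own log line and offers a stage-by-stage probe; the `(proxy_host, proxy_port)` tuple, `MY_COMPANY_PROXY` and port 8080 are placeholders taken from the question's `proxy.*` properties, and proxy authentication is intentionally left out.

```python
"""Stage-by-stage probe for a TLS connection to a Key Vault endpoint.

Added diagnostic example, not code from the question: it splits the path
into DNS, TCP (or HTTP CONNECT through a proxy) and the TLS handshake so a
timeout can be pinned to one stage, and it reports whether the address the
vault name resolves to is private (what a private endpoint yields) or public.
"""
import ipaddress
import re
import socket
import ssl

# Netty connection log line copied from the question; the only real data used here.
SAMPLE_LOG_LINE = (
    "[b9fc19b5, L:/135.75.71.239:64554 - "
    "R:keyvault-demo-testing.vault.azure.net/20.62.134.229:443] "
    "The connection observed an error"
)

# Matches the "R:<host>/<ip>:<port>" remote part of a reactor-netty connection id.
_REMOTE_RE = re.compile(r"R:(?P<host>[^/\s]+)/(?P<ip>[0-9a-fA-F:.]+):(?P<port>\d+)")


def parse_remote(log_line):
    """Return (host, ip, port) of the remote peer from a reactor-netty connection log line."""
    m = _REMOTE_RE.search(log_line)
    if m is None:
        raise ValueError("no remote endpoint in log line")
    return m.group("host"), m.group("ip"), int(m.group("port"))


def classify_address(ip):
    """'private' for RFC 1918 / link-local / ULA space (a private endpoint NIC), else 'public'."""
    return "private" if ipaddress.ip_address(ip).is_private else "public"


def analyse_log_line(log_line):
    """Summarise which endpoint the client actually reached."""
    host, ip, port = parse_remote(log_line)
    return {"host": host, "ip": ip, "port": port, "address_class": classify_address(ip)}


def _read_proxy_reply(sock):
    """Consume the CONNECT response head and return its status line."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf.split(b"\r\n", 1)[0].decode("latin-1", "replace")


def probe(host, port=443, proxy=None, timeout=10.0):
    """Try each stage in turn and return (failed_stage_or_'ok', detail).

    proxy is an optional (proxy_host, proxy_port) tuple (hypothetical values);
    when given, the TCP stage becomes an HTTP CONNECT tunnel, as the question's
    proxy.* settings would use. Proxy authentication is deliberately not implemented.
    """
    # Stage 1: local DNS. Even behind a proxy this shows whether *this* machine
    # resolves the vault name to the private endpoint address or the public one.
    try:
        addr = socket.gethostbyname(host)
    except socket.gaierror as exc:
        return "dns", str(exc)
    where = f"{addr} ({classify_address(addr)})"

    # Stage 2: TCP, or TCP to the proxy followed by CONNECT.
    try:
        if proxy:
            sock = socket.create_connection(proxy, timeout=timeout)
            req = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
            sock.sendall(req.encode("ascii"))
            status = _read_proxy_reply(sock)
            if " 200" not in status:
                sock.close()
                return "proxy-connect", status
        else:
            sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{where}: {exc}"

    # Stage 3: TLS handshake, verifying the chain against the system trust store.
    ctx = ssl.create_default_context()
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)  # handshake happens here
    except OSError as exc:  # ssl.SSLError and TimeoutError are both OSError
        return "tls", f"{where}: {exc}"
    with tls:
        return "ok", f"{where} via {tls.version()}"


if __name__ == "__main__":
    print(analyse_log_line(SAMPLE_LOG_LINE))
    # Direct probe; pass proxy=("MY_COMPANY_PROXY", 8080) to exercise the CONNECT path.
    print(probe("keyvault-demo-testing.vault.azure.net"))
```

Run it once from the VPN-connected laptop with and without the proxy tuple: a `dns` result or a public address in the `where` string means the private endpoint is not what this machine resolves, a `proxy-connect` result shows the proxy refusing the tunnel, and a `tls` timeout after a successful CONNECT points at the hop beyond the proxy rather than at the Spring configuration.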
