cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saksham Srivastava <saksham.srivast...@citrix.com>
Subject RE: Unable to upload SSL certificate
Date Wed, 11 Jun 2014 05:56:56 GMT
Fixed the issue in CLOUDSTACK-6864
Now we should not require double encoding in the API.

Thanks,
Saksham

-----Original Message-----
From: Saksham Srivastava 
Sent: Thursday, June 5, 2014 7:54 PM
To: 'Syed Ahmed'
Cc: Vijay Venkatachalam; dev@cloudstack.apache.org
Subject: RE: Unable to upload SSL certificate

Syed,

The certificate in the mentioned call is already UTF-8 encoded of the raw plain-text certificate.
To make the api work I had to doubly encode the cert and key .

I guess it will be good to have this mentioned in the FS/docs as there is no UI for this and
also a sample api call can help a lot.

Thanks,
Saksham 

-----Original Message-----
From: Syed Ahmed [mailto:sahmed@cloudops.com]
Sent: Thursday, June 5, 2014 6:23 AM
To: Saksham Srivastava
Cc: Vijay Venkatachalam; dev@cloudstack.apache.org
Subject: Re: Unable to upload SSL certificate

Can you try to encode the certificate before passing it as the param?

-Syed

On Wed 04 Jun 2014 09:01:19 AM EDT, Saksham Srivastava wrote:
> Adding Syed,
>
> I debugged the issue and here are my findings:
>
> The api is failing at CertServiceimpl: parseCertificate()
>
> return (Certificate) certPem.readObject();
>
> readObject method is failing.
>
> I tried to use the certificate used in the test 
> runUploadSslCertSelfSignedWithPassword and other tests in CertServiceTest.java The following
is the api call:
>
> http://10.x.x.x:8096/client/api?command=uploadSslCert&certificate=----
> -BEGIN+CERTIFICATE-----%0AMIIDBjCCAe4CCQD5Q6qF5dVV0jANBgkqhkiG9w0BAQUF
> ADBFMQswCQYDVQQGEwJB%0AVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW5
> 0ZXJuZXQgV2lkZ2l0%0AcyBQdHkgTHRkMB4XDTEzMTAyMTEzNTgwNFoXDTE0MTAyMTEzNT
> gwNFowRTELMAkG%0AA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMG
> EludGVybmV0%0AIFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
> AQoCggEB%0AAN%2F7lJtiEs68IC1ZPxY9NA34z9T4AU4LPS%2FkbQtuxx4X72XOBy%2By0
> cB%2FqdMD7JNV%0Ah8Mq4URDljhSDyVPdH%2F%2BjQr%2B7kWx2gNe2R%2FDCnd%2FmeVw
> wU30JJvpGVZXt%2BMTef5N%0AQAbSfDMsuT4FaUY80InbDd24HelrjwunPdY9wwKXO6zL2
> fLjyDRediiydxcx18Vb%0ADq1cm7DRi4mNkmA3RwBQMhxGp3VsfXJ4Hy2WTRCCCxWHZphA
> h3EUJGK3idum6%2F7j%0AHbAwpM%2Ft1kNWN8PZiYDZ1HbccgjmqB7Cub10BfB9g1RByiQ
> %2FC87o5cKtQha3uuXR%0AiBcHISoDydQrgxKgUpiqEF0CAwEAATANBgkqhkiG9w0BAQUF
> AAOCAQEASvulIaVb%0Azh8z2TysE6RFoYTAYIRXghFrmqCUyyQmUVTvs6vN8iaSXr%2BWM
> QJcpgXewWcFrDhr%0AmIcyRCvF91ZYb7q6lMZFSpE6u%2FSUGIEtxGUDAfbkbQdKYmrMcb
> ggUUIvSzgUFisO%0A
Kr0H9PEO4AWtCCrtOJFc7jgu03Sv06wDxn9ghkyiBRnVkbAhoKfKnI179yKruJWR%0AA3ieEj0eFoUbeSH8hDkToj4ynpkAvEGoHjHG9j%2B8FJxy%2FPTjkyVPl1ykTs%2B2Jc1B%0ASnx8f2afdTenPWyyBm3wFuRZjEAJJLUO0kxM7E8hAwhGsr%2BXYanwcr1oA1dz6M3f%0Acq26lpjTH5ITwQ%3D%3D%0A-----END+CERTIFICATE-----%0A&privatekey=-----BEGIN+RSA+PRIVATE+KEY-----%0AProc-Type%3A+4%2CENCRYPTED%0ADEK-Info%3A+DES-EDE3-CBC%2CCCA6E4CB4C4039DD%0A%0ATaVCJtB0dE9xTZbX7GOaGJwwGHVAMjU1GbRIHf0jODdP%2BquZvbjklNqsw8Ozlia9%0Aq%2FG%2BUqtRJGlIPPLpce0YCrTo0P3eixZdMs0%2BhioAEJ4OLtL0SAC6b8q%2FgB6HRfAx%0ABvNg%2BumTqeF9YB68Tcuv%2F2g4VGKiaePQACyOzMdf7lGY7ojxoJCYZa1mfKb7jWrg%0AFLwmTtLLhNjb6CnOKo3klIef3A6zdutpgxF1gARzdRyXg4qCA3boYnwEptTOlJFu%0AovxbhDG9iuYYr4gXYSs1pLYptEC8J6iWpG%2Fqzkwfr4l5Cfg5uF00bbxQE5%2BWeRaj%0AYFicvXjB%2FkcoFZuCL7M%2FYRXYxkJ%2FEZ19xI9HZNBQ4L738StkSBKL4OhpF%2FqgYZ2y%0AZLRV6XT4AijUA0Ef7YTuUsTL7Qt9drj09gCtAzXTA7gpZBn5SqT9kWhuwSzY302l%0AKF8DIC6A52igk2QKPLbleM%2FV8eCu6n%2BJ4uF%2B0GwVRROuG7ThxAQiUlJKhoEYrndL%0AnzT7jHVLftjilhVWFu2On62bRf5t1QZuob%2B1AdK0ukvEI
VsYnN4bnlAkc99Wi6C0%0AZJd9qW5L4A9XAC2gcjr3m0Rzw3RO%2Bk17faR8YfmTuJvGyBf5fnrSFoNkrninXQXp%0Ask0ajRi4PJ4XTswLyxjWRSt3egNsZBSKnVCibca%2FQoDEdZHSKXo2FlYiUYx8JHQX%0ASPUsLl9OQKC1W8%2F%2BReryqBLHCkiGEsvT8gVaXga0uhVaqe%2BPaVur2tbOHl4yCysC%0A%2BZlnKwsC84LQsUvpENdCh%2BD7E1I1Rao9IJMR6q9azKq8Ck63cOJ1fA9xSnxJGoCA%0AIlGLttlXrR32EtzYwEnlqf1nI%2FIqNQrAXQKrP5VPzHsgMFu5uD4OEZa92Q5cVTsz%0Aap%2F1UEqiJVYUt6nuA%2BaqOUlyjC0oNtYL%2FVO4DbHTFcHa8SI2cPSS6ebPMWPGHjUm%0Al9bWa6Q9iyplCYS6hinAVsAaLVjPi1Eu9Pc8rxFCmoiJYJju5NZuGI5UBK64dqcX%0AT6trWl0kB8QY63JtnrZaoStoSPImV5KVseUKDV8TM3Y76h1nLV3MSmAD1ivk9oKs%0AVKeVrDhZBWUq9Dqre%2F%2BlVGO0a2wo5VTR8hfpf8QkODPLeyNZNdfGKzkkFLuXa8V5%0AELhLQJ3FnbEU3NEvMwikV9MhP%2FELPTkZwJr%2FNKv%2B9JLs9eXtwz29I%2FQ8byQVrCCs%0AhAuDl0zHGRnqdpdSImeS2EXGx631zGMwSe8fhKelni5h6hXrXz52asr0k30BxWjf%0AWUn1uTInwVjWGy9B5j3mZlVDotFbvVAZgtR0IoFwihPl4VZd9oS13l%2BhMfrTy1YZ%0A8xFNg8ZqUQ0lSmKfOVqSBT0lP8tM8LuGxgY4cWluhsAQxR5Nl7wkundnqjcwEDDu%0AJz2rD54St1EZYGLDJZSfC7mpG2PgodsdeopQCTyFhHWa8s3caZ40GFOwaR%2B%2F5%2BYF
%0A1oRvkR1Yr4qIS7KbX4xsaFfAA5b8QfLA74L05PAgDwKofam2GFAlAKHOcI6mexPq%0AaySON9MNdnXBNxs16mBJLzCX5ljQb0ilJildVEI3aVmABptM4ehEiw%3D%3D%0A-----END+RSA+PRIVATE+KEY-----%0A&password=test
>
> and the api fails with "Invalid Certificate format. Expected X509 certificate"
>
> Since all the tests pass, I am assuming a problem with the api encoding format.
> Can someone point to a working api call for the same.
>
> Thanks,
> Saksham
>
>
> -----Original Message-----
> From: Sujaya Maiyya (Intern) [mailto:sujaya.maiyya@citrix.com]
> Sent: Tuesday, June 3, 2014 2:36 PM
> To: dev@cloudstack.apache.org
> Cc: Vijay Venkatachalam
> Subject: Unable to upload SSL certificate
>
> Hi,
>    I am trying to upload an SSL certificate to Cloudstack using uploadSslCert API since
4.3 version does not have UI support for the same. And I am getting following exception:
>                  Invalid Certificate format. Expected X509 certificate
>
> The certificate, private key and certificate-chain are URL encoded and sent to the Cloudstack
using a GET on 8096 port. On debugging, it was found that some characters were missing from
certificate after it was decoded from the URL which is the cause of the exception.
>
> I am unable to figure out the reason, so can you please throw some light on why are some
characters missing after decoding the certificate from the URL?
>
> Thank you,
> Sujaya
>


Mime
View raw message