cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adrian Sender" <asen...@testlabs.com.au>
Subject Re: api uploadsslcert encoding issue
Date Wed, 07 Sep 2016 01:03:08 GMT
Hi Patrick,

I have tested updating console proxy with uploadsslcert with 4.3.x, 4.5.1, and
everything appeared to work ok for me.


URL Decoder/Encoder

You will need to encode your root SSL so the API call accepts it and stores it
in the database correctly.

http://meyerweb.com/eric/tools/dencoder/

There appears to be a bug in cloudstack and old keys are not deleted, you may
have to delete them otherwise the console proxy SSL certificate will not work
correctly.

#create backup of db.

mysql> select * from keystore\G
mysql> truncate table keystore;
mysql> delete from keystore where id=1;

http://172.26.7.28:8096/client/api?command=uploadCustomCertificate&id=1&name=admin&domainsuffix=test.nsp.nectar.org.au&certificate=-----BEGIN%20CERTIFICATE-----xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-----END%20CERTIFICATE-----


New URL Encoded Certificate - 2015

http://172.26.7.28:8096/client/api?command=uploadCustomCertificate&id=1&name=admin&domainsuffix=test.nsp.nectar.org.au&certificate=-----BEGIN%20CERTIFICATE-----xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-----END%20CERTIFICATE-----

Regards,
Adrian Sender



---------- Original Message -----------
From: Will Stevens <williamstevens@gmail.com>
To: dev@cloudstack.apache.org
Sent: Mon, 5 Sep 2016 13:46:30 -0400
Subject: Re: api uploadsslcert encoding issue

> Awesome. GJ. Thanks for reporting back. :)
> 
> On Sep 5, 2016 1:04 PM, "Patrick W." <warswe@hotmail.com> wrote:
> 
> Figured it out! some special characters within the certificate body itself
> were not correctly encoded.
> 
> In the end, all special characters, as well as all line breaks 
> should be encoded to reflect the exact certificate output and 
> format. Will look at improving the doc available out there as this 
> isn't crystal clear.
> 
> ________________________________
> From: Patrick W. <warswe@hotmail.com>
> Sent: Monday, September 5, 2016 4:50 PM
> To: dev@cloudstack.apache.org
> Subject: Re: api uploadsslcert encoding issue
> 
> I'm using 4.5.2
> 
> Yes you are right, I saw this issue:
> https://issues.apache.org/jira/browse/CLOUDSTACK-6864
> but it was resolved in 4.4
> 
> Moreover I've tried the double encoding trick.
> 
> ________________________________
> From: Will Stevens <williamstevens@gmail.com>
> Sent: Monday, September 5, 2016 4:42 PM
> To: dev@cloudstack.apache.org
> Subject: Re: api uploadsslcert encoding issue
> 
> What acs version are you using? I believe there was a problem with double
> encoding in some older releases.
> 
> Maybe someone else can weigh in who knows for sure.
> 
> On Sep 5, 2016 10:27 AM, "Patrick W." <warswe@hotmail.com> wrote:
> 
> > Has someone managed to upload a certificate, its chain and its key in a
> > single call, using the uploadsslcert API command?
> >
> > I've done attempts with cloudmonkey, in python, etc. tried all possible
> > formatting and encoding combinations but I always get errors
> >
> > - Expected X509 certificate. Failed due to String index out of range:
> > - Error parsing certificate data Invalid certificate format. Expected X509
> > certificate
> > - Error parsing certificate data Invalid Certificate format. Failed due to
> > problem parsing cert: java.security.cert.CertificateException:
> > java.io.IOException: corrupted stream - out of bounds length found
> >
> > Has anybody succeeded with this? if yes, I'd be interested to reuse the
> > exact same approach.
> >
> > thanks!
> >
------- End of Original Message -------


Mime
View raw message