cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Bierce <david.bie...@appcore.com>
Subject Uploading SSL certs with multiple intermediates using cloudmonkey
Date Fri, 02 May 2014 21:41:44 GMT
I tried adding the certificates using cloudmonkey by doing single/double quotes around the
certificate as well as manually replacing line breaks with \n and quoting but none of those
methods inserted into the database correctly.

With one of our installs, the wildcard cert was issued by Comodo which has multiple intermediate
certificates, 3 to be exact.  I was able to use Cloudmonkey as long as I URL encoded the certificate
first. Encoding it something like this.

-----BEGIN%20CERTIFICATE—--%0AMIIELTGljZW5zZWQgdG8gdGhlIEFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uIChBU0YpIHVuZGVyIG9uZQpvciBtb3JlIGNvbnRyaWJ1dG9yIGxpY2Vuc2UgYWdyZWVtZW50cy4gIFNlZSB0aGUgTk9USUNFIGZpbGUKZGlzdHJpYnV0ZWQgd2l0aCB0aGlzIHdvcmsgZm9yIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24KcmVnYXJkaW5nIGNvcHlyaWdodCBvd25lcnNoaXAuICBUaGUgQVNGIGxpY2Vuc2VzIHRoaXMgZmlsZQp0byB5b3UgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlCiJMaWNlbnNlIik7IHlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2UKd2l0aCB0aGUgTGljZW5zZS4gIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjAKClVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvciBhZ3JlZWQgdG8gaW4gd3JpdGluZywKc29mdHdhcvvE%3D%0A-----END%20CERTIFICATE-----

Installed the root certificate like this:

upload  customcertificate id=1 certificate=URLENCODEDCERTIFICATE domainsuffix=YOUR.DOMAIN
name=root

Then installed each of the intermediates like this:

upload  customcertificate id=2 certificate=URLENCODEDCERTIFICATE domainsuffix=YOUR.DOMAIN
name=intermediate_ca_1
upload  customcertificate id=2 certificate=URLENCODEDCERTIFICATE domainsuffix=YOUR.DOMAIN
name=intermediate_ca_2
upload  customcertificate id=2 certificate=URLENCODEDCERTIFICATE domainsuffix=YOUR.DOMAIN
name=intermediate_ca_3

After that, I could use the UI to install the Certificate and Key to finish the process.

Finally I restarted Secondary Storage and Console Proxy vms.

If there is a simpler way to perform these actions, please share, but with the realhostip
change coming, I thought it would be useful to share a relatively easy way to install a long
cert chain into cloudstack with as much copy and past as possible.




David Bierce

Office +1.800.735.7104 | Direct +1.515.612.7801
david.bierce@appcore.com | www.appcore.com
Mime
View raw message