cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Bierce <>
Subject Re: Uploading SSL certs with multiple intermediates using cloudmonkey
Date Fri, 02 May 2014 23:23:12 GMT
On Fri, May 2, 2014 at 4:55 PM, Amogh Vasekar <>wrote:

> Hi,
> On 5/2/14 2:41 PM, "David Bierce" <> wrote:
> >upload  customcertificate id=2 certificate=URLENCODEDCERTIFICATE
> >domainsuffix=YOUR.DOMAIN name=intermediate_ca_1
> >upload  customcertificate id=2 certificate=URLENCODEDCERTIFICATE
> >domainsuffix=YOUR.DOMAIN name=intermediate_ca_2
> >upload  customcertificate id=2 certificate=URLENCODEDCERTIFICATE
> >domainsuffix=YOUR.DOMAIN name=intermediate_ca_3
> The id's need to be different (2,3,4 etc.)
> Also, you can try to invoke API directly by using URL encoded certificate,
> and using the session key for authentication.

In the database you need to increment because things are stored with an ID
column as the table key, but since cloudmonkey uses the API ID specifies
the certificate type, not a unique id for the certificate.  id=1 for root,
id=2 for intermediate, id=3 for site certificate.  In the case of multiple
intermediate certs, it should be set id=2 (intermediate) , and the name
needs to be unique.

Without going into the API, how things are stored in the keystore are
pretty well explained here.

I'm not sure cloud monkey would work - you are passing a URL encoded
> certificate, and cloud monkey will encode it again resulting in a double
> encoding.

Doing it completely from a urlencoded API call works great but some people
just want to use cloudmonkey :)

In Cloudmonkey 5.0 on Centos 6.4, It was very difficult to get cloudmonkey
to transform the input into an appropriate API call.  I originally tried
quotes and replaced the line breaks with \n but it did not correctly parse
the the spaces.  When I used strong quotes, the quotes were included
urlencoded in the API call.  When I added it as a single URL encoded
string, it wasn't double encoded and it was passed on the database with the
appropriate spaces and breaks.  It was odd that it didn't get double
encoded, by there doesn't seem to be an easy way to pass a value in
cloudmonkey that contains space and linebreaks like an SSL cert requires.
 The method posted does work.

> Thanks,
> Amogh

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message