You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by "Patrick W." <wa...@hotmail.com> on 2016/09/02 08:28:14 UTC

api uploadsslcert encoding issue

Has someone managed to upload a certificate, its chain and its key in a single call, using the uploadsslcert API command?

I've done attempts with cloudmonkey, in python, etc. tried all possible formatting and encoding combinations but I always get errors

- Expected X509 certificate. Failed due to String index out of range:
- Error parsing certificate data Invalid certificate format. Expected X509 certificate
- Error parsing certificate data Invalid Certificate format. Failed due to problem parsing cert: java.security.cert.CertificateException: java.io.IOException: corrupted stream - out of bounds length found

Has anybody succeeded with this? if yes, I'd be interested to reuse the exact same approach.

thanks!

Re: api uploadsslcert encoding issue

Posted by Adrian Sender <as...@testlabs.com.au>.

Hi Patrick,

I have tested updating console proxy with uploadsslcert with 4.3.x, 4.5.1, and
everything appeared to work ok for me.


URL Decoder/Encoder

You will need to encode your root SSL so the API call accepts it and stores it
in the database correctly.

http://meyerweb.com/eric/tools/dencoder/

There appears to be a bug in cloudstack and old keys are not deleted, you may
have to delete them otherwise the console proxy SSL certificate will not work
correctly.

#create backup of db.

mysql> select * from keystore\G
mysql> truncate table keystore;
mysql> delete from keystore where id=1;

http://172.26.7.28:8096/client/api?command=uploadCustomCertificate&id=1&name=admin&domainsuffix=test.nsp.nectar.org.au&certificate=-----BEGIN%20CERTIFICATE-----xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-----END%20CERTIFICATE-----


New URL Encoded Certificate - 2015

http://172.26.7.28:8096/client/api?command=uploadCustomCertificate&id=1&name=admin&domainsuffix=test.nsp.nectar.org.au&certificate=-----BEGIN%20CERTIFICATE-----xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-----END%20CERTIFICATE-----

Regards,
Adrian Sender



---------- Original Message -----------
From: Will Stevens <wi...@gmail.com>
To: dev@cloudstack.apache.org
Sent: Mon, 5 Sep 2016 13:46:30 -0400
Subject: Re: api uploadsslcert encoding issue

> Awesome. GJ. Thanks for reporting back. :)
> 
> On Sep 5, 2016 1:04 PM, "Patrick W." <wa...@hotmail.com> wrote:
> 
> Figured it out! some special characters within the certificate body itself
> were not correctly encoded.
> 
> In the end, all special characters, as well as all line breaks 
> should be encoded to reflect the exact certificate output and 
> format. Will look at improving the doc available out there as this 
> isn't crystal clear.
> 
> ________________________________
> From: Patrick W. <wa...@hotmail.com>
> Sent: Monday, September 5, 2016 4:50 PM
> To: dev@cloudstack.apache.org
> Subject: Re: api uploadsslcert encoding issue
> 
> I'm using 4.5.2
> 
> Yes you are right, I saw this issue:
> https://issues.apache.org/jira/browse/CLOUDSTACK-6864
> but it was resolved in 4.4
> 
> Moreover I've tried the double encoding trick.
> 
> ________________________________
> From: Will Stevens <wi...@gmail.com>
> Sent: Monday, September 5, 2016 4:42 PM
> To: dev@cloudstack.apache.org
> Subject: Re: api uploadsslcert encoding issue
> 
> What acs version are you using? I believe there was a problem with double
> encoding in some older releases.
> 
> Maybe someone else can weigh in who knows for sure.
> 
> On Sep 5, 2016 10:27 AM, "Patrick W." <wa...@hotmail.com> wrote:
> 
> > Has someone managed to upload a certificate, its chain and its key in a
> > single call, using the uploadsslcert API command?
> >
> > I've done attempts with cloudmonkey, in python, etc. tried all possible
> > formatting and encoding combinations but I always get errors
> >
> > - Expected X509 certificate. Failed due to String index out of range:
> > - Error parsing certificate data Invalid certificate format. Expected X509
> > certificate
> > - Error parsing certificate data Invalid Certificate format. Failed due to
> > problem parsing cert: java.security.cert.CertificateException:
> > java.io.IOException: corrupted stream - out of bounds length found
> >
> > Has anybody succeeded with this? if yes, I'd be interested to reuse the
> > exact same approach.
> >
> > thanks!
> >
------- End of Original Message -------

Re: api uploadsslcert encoding issue

Posted by Will Stevens <wi...@gmail.com>.

Awesome. GJ. Thanks for reporting back. :)

On Sep 5, 2016 1:04 PM, "Patrick W." <wa...@hotmail.com> wrote:

Figured it out! some special characters within the certificate body itself
were not correctly encoded.

In the end, all special characters, as well as all line breaks should be
encoded to reflect the exact certificate output and format. Will look at
improving the doc available out there as this isn't crystal clear.

________________________________
From: Patrick W. <wa...@hotmail.com>
Sent: Monday, September 5, 2016 4:50 PM
To: dev@cloudstack.apache.org
Subject: Re: api uploadsslcert encoding issue

I'm using 4.5.2

Yes you are right, I saw this issue:
https://issues.apache.org/jira/browse/CLOUDSTACK-6864
but it was resolved in 4.4

Moreover I've tried the double encoding trick.

________________________________
From: Will Stevens <wi...@gmail.com>
Sent: Monday, September 5, 2016 4:42 PM
To: dev@cloudstack.apache.org
Subject: Re: api uploadsslcert encoding issue

What acs version are you using? I believe there was a problem with double
encoding in some older releases.

Maybe someone else can weigh in who knows for sure.

On Sep 5, 2016 10:27 AM, "Patrick W." <wa...@hotmail.com> wrote:

> Has someone managed to upload a certificate, its chain and its key in a
> single call, using the uploadsslcert API command?
>
> I've done attempts with cloudmonkey, in python, etc. tried all possible
> formatting and encoding combinations but I always get errors
>
> - Expected X509 certificate. Failed due to String index out of range:
> - Error parsing certificate data Invalid certificate format. Expected X509
> certificate
> - Error parsing certificate data Invalid Certificate format. Failed due to
> problem parsing cert: java.security.cert.CertificateException:
> java.io.IOException: corrupted stream - out of bounds length found
>
> Has anybody succeeded with this? if yes, I'd be interested to reuse the
> exact same approach.
>
> thanks!
>

Re: api uploadsslcert encoding issue

Posted by "Patrick W." <wa...@hotmail.com>.

Figured it out! some special characters within the certificate body itself were not correctly encoded.

In the end, all special characters, as well as all line breaks should be encoded to reflect the exact certificate output and format. Will look at improving the doc available out there as this isn't crystal clear.

________________________________
From: Patrick W. <wa...@hotmail.com>
Sent: Monday, September 5, 2016 4:50 PM
To: dev@cloudstack.apache.org
Subject: Re: api uploadsslcert encoding issue

I'm using 4.5.2

Yes you are right, I saw this issue:
https://issues.apache.org/jira/browse/CLOUDSTACK-6864
but it was resolved in 4.4

Moreover I've tried the double encoding trick.

________________________________
From: Will Stevens <wi...@gmail.com>
Sent: Monday, September 5, 2016 4:42 PM
To: dev@cloudstack.apache.org
Subject: Re: api uploadsslcert encoding issue

What acs version are you using? I believe there was a problem with double
encoding in some older releases.

Maybe someone else can weigh in who knows for sure.

On Sep 5, 2016 10:27 AM, "Patrick W." <wa...@hotmail.com> wrote:

> Has someone managed to upload a certificate, its chain and its key in a
> single call, using the uploadsslcert API command?
>
> I've done attempts with cloudmonkey, in python, etc. tried all possible
> formatting and encoding combinations but I always get errors
>
> - Expected X509 certificate. Failed due to String index out of range:
> - Error parsing certificate data Invalid certificate format. Expected X509
> certificate
> - Error parsing certificate data Invalid Certificate format. Failed due to
> problem parsing cert: java.security.cert.CertificateException:
> java.io.IOException: corrupted stream - out of bounds length found
>
> Has anybody succeeded with this? if yes, I'd be interested to reuse the
> exact same approach.
>
> thanks!
>

Re: api uploadsslcert encoding issue

Posted by "Patrick W." <wa...@hotmail.com>.

I'm using 4.5.2

Yes you are right, I saw this issue:
https://issues.apache.org/jira/browse/CLOUDSTACK-6864
but it was resolved in 4.4

Moreover I've tried the double encoding trick.

________________________________
From: Will Stevens <wi...@gmail.com>
Sent: Monday, September 5, 2016 4:42 PM
To: dev@cloudstack.apache.org
Subject: Re: api uploadsslcert encoding issue

What acs version are you using? I believe there was a problem with double
encoding in some older releases.

Maybe someone else can weigh in who knows for sure.

On Sep 5, 2016 10:27 AM, "Patrick W." <wa...@hotmail.com> wrote:

> Has someone managed to upload a certificate, its chain and its key in a
> single call, using the uploadsslcert API command?
>
> I've done attempts with cloudmonkey, in python, etc. tried all possible
> formatting and encoding combinations but I always get errors
>
> - Expected X509 certificate. Failed due to String index out of range:
> - Error parsing certificate data Invalid certificate format. Expected X509
> certificate
> - Error parsing certificate data Invalid Certificate format. Failed due to
> problem parsing cert: java.security.cert.CertificateException:
> java.io.IOException: corrupted stream - out of bounds length found
>
> Has anybody succeeded with this? if yes, I'd be interested to reuse the
> exact same approach.
>
> thanks!
>

Re: api uploadsslcert encoding issue

Posted by Will Stevens <wi...@gmail.com>.

What acs version are you using? I believe there was a problem with double
encoding in some older releases.

Maybe someone else can weigh in who knows for sure.

On Sep 5, 2016 10:27 AM, "Patrick W." <wa...@hotmail.com> wrote:

> Has someone managed to upload a certificate, its chain and its key in a
> single call, using the uploadsslcert API command?
>
> I've done attempts with cloudmonkey, in python, etc. tried all possible
> formatting and encoding combinations but I always get errors
>
> - Expected X509 certificate. Failed due to String index out of range:
> - Error parsing certificate data Invalid certificate format. Expected X509
> certificate
> - Error parsing certificate data Invalid Certificate format. Failed due to
> problem parsing cert: java.security.cert.CertificateException:
> java.io.IOException: corrupted stream - out of bounds length found
>
> Has anybody succeeded with this? if yes, I'd be interested to reuse the
> exact same approach.
>
> thanks!
>

api uploadsslcert encoding issue

Posted by "Patrick W." <wa...@hotmail.com>.

Has someone managed to upload a certificate, its chain and its key in a single call, using the uploadsslcert API command?

I've done attempts with cloudmonkey, in python, etc. tried all possible formatting and encoding combinations but I always get errors

- Expected X509 certificate. Failed due to String index out of range:
- Error parsing certificate data Invalid certificate format. Expected X509 certificate
- Error parsing certificate data Invalid Certificate format. Failed due to problem parsing cert: java.security.cert.CertificateException: java.io.IOException: corrupted stream - out of bounds length found

Has anybody succeeded with this? if yes, I'd be interested to reuse the exact same approach.

thanks!