Hi Patrick, I have tested updating console proxy with uploadsslcert with 4.3.x, 4.5.1, and everything appeared to work ok for me.
URL Decoder/Encoder You will need to encode your root SSL so the API call accepts it and stores it in the database correctly. http://meyerweb.com/eric/tools/dencoder/ There appears to be a bug in cloudstack and old keys are not deleted, you may have to delete them otherwise the console proxy SSL certificate will not work correctly. #create backup of db. mysql> select * from keystore\G mysql> truncate table keystore; mysql> delete from keystore where id=1; http://172.26.7.28:8096/client/api?command=uploadCustomCertificate&id=1&name=admin&domainsuffix=test.nsp.nectar.org.au&certificate=-----BEGIN%20CERTIFICATE-----xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-----END%20CERTIFICATE----- New URL Encoded Certificate - 2015 http://172.26.7.28:8096/client/api?command=uploadCustomCertificate&id=1&name=admin&domainsuffix=test.nsp.nectar.org.au&certificate=-----BEGIN%20CERTIFICATE-----xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-----END%20CERTIFICATE----- Regards, Adrian Sender ---------- Original Message ----------- From: Will Stevens <williamstev...@gmail.com> To: dev@cloudstack.apache.org Sent: Mon, 5 Sep 2016 13:46:30 -0400 Subject: Re: api uploadsslcert encoding issue > Awesome. GJ. Thanks for reporting back. :) > > On Sep 5, 2016 1:04 PM, "Patrick W." <war...@hotmail.com> wrote: > > Figured it out! some special characters within the certificate body itself > were not correctly encoded. > > In the end, all special characters, as well as all line breaks > should be encoded to reflect the exact certificate output and > format. Will look at improving the doc available out there as this > isn't crystal clear. > > ________________________________ > From: Patrick W. <war...@hotmail.com> > Sent: Monday, September 5, 2016 4:50 PM > To: dev@cloudstack.apache.org > Subject: Re: api uploadsslcert encoding issue > > I'm using 4.5.2 > > Yes you are right, I saw this issue: > https://issues.apache.org/jira/browse/CLOUDSTACK-6864 > but it was resolved in 4.4 > > Moreover I've tried the double encoding trick. > > ________________________________ > From: Will Stevens <williamstev...@gmail.com> > Sent: Monday, September 5, 2016 4:42 PM > To: dev@cloudstack.apache.org > Subject: Re: api uploadsslcert encoding issue > > What acs version are you using? I believe there was a problem with double > encoding in some older releases. > > Maybe someone else can weigh in who knows for sure. > > On Sep 5, 2016 10:27 AM, "Patrick W." <war...@hotmail.com> wrote: > > > Has someone managed to upload a certificate, its chain and its key in a > > single call, using the uploadsslcert API command? > > > > I've done attempts with cloudmonkey, in python, etc. tried all possible > > formatting and encoding combinations but I always get errors > > > > - Expected X509 certificate. Failed due to String index out of range: > > - Error parsing certificate data Invalid certificate format. Expected X509 > > certificate > > - Error parsing certificate data Invalid Certificate format. Failed due to > > problem parsing cert: java.security.cert.CertificateException: > > java.io.IOException: corrupted stream - out of bounds length found > > > > Has anybody succeeded with this? if yes, I'd be interested to reuse the > > exact same approach. > > > > thanks! > > ------- End of Original Message -------
