Adding Certificate Does Not Create SNI


#1

I am attempting to add an SSL certificate to Kong 1.0 and I am not getting this to work as expected. I add the certificate with:

curl -i -m 60 -X POST http://localhost:8001/certificates -F "cert=$(cat cert.pem)" -F "key=$(cat key.pem)" -F "snis=domain.net"

Then I get this response:

{
    "created_at": 1422386534,
    "cert": "-----BEGIN CERTIFICATE-----...",
    "key": "-----BEGIN RSA PRIVATE KEY-----..."
    "snis": [ ]
}

I do not seem to be getting the certificate id or creating the SNI. Am I doing something wrong here?


#2

Hello @Darrell_Henderson,

It looks like you’re passing the snis field as a string and not as an array. Alternatively, you can add the SNI for a given certificate separately in its own /snis endpoint.


#3

Thanks, @Raimon_Grau,

I have tried passing in multiple SNIs separated by commas, and I get the same response. I also cannot use the /snis endpoint because I am not given a certificate id. Attempting to find the certificate id with GET /certificates gives me similar data.


#4

Could you try with this format for passing arrays: -F "snis[]=domain.net". This should send the parameter formatted as an array.

Still, very strange that you’re not getting the “id” back (can’t reproduce that behavior in 1.0.0).
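
An added example, not part of the original posts and not Kong's own code: it builds the curl call with one snis[] form field per name, as suggested above, and checks the Admin API response for the silent failure seen in post #1 (no id, empty snis). The helper names and sample responses are constructed, and treating snis in the response as a list of names is an assumption based on the response shown in post #1.

```python
import json


def curl_argv(admin_url, cert_path, key_path, snis):
    """Build a curl argv for POST /certificates with one snis[] field per name."""
    argv = ["curl", "-sS", "-m", "60", "-X", "POST",
            admin_url.rstrip("/") + "/certificates",
            # curl's "name=<file" form sends the file contents as the field value
            "-F", "cert=<" + cert_path,
            "-F", "key=<" + key_path]
    for name in snis:
        # "snis=domain.net" is sent as a plain string; "snis[]=" marks an array
        argv += ["-F", "snis[]=" + name]
    return argv


def check_certificate_response(body, wanted_snis):
    """Return a list of problems found in the Admin API response body."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return ["response is not valid JSON: %s" % exc]
    if not isinstance(doc, dict):
        return ["response is not a JSON object"]
    problems = []
    if not doc.get("id"):
        problems.append("no certificate id in response")
    attached = doc.get("snis") or []
    missing = [s for s in wanted_snis if s not in attached]
    if missing:
        problems.append("SNIs not attached: " + ", ".join(missing))
    return problems


# Constructed sample responses: the first mirrors the shape reported in post #1,
# the second is what a successful call is assumed to look like.
FAILED = '{"created_at": 1422386534, "cert": "...", "key": "...", "snis": []}'
OK = '{"id": "PLACEHOLDER-ID", "cert": "...", "key": "...", "snis": ["domain.net"]}'

if __name__ == "__main__":
    print(" ".join(curl_argv("http://localhost:8001", "cert.pem", "key.pem", ["domain.net"])))
    print(check_certificate_response(FAILED, ["domain.net"]))
    print(check_certificate_response(OK, ["domain.net"]))
```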


#5

Ahh that did it. Using the array format it added the SNI and when I look at the GET /snis there is a certificate ID. However no cigar. My connection still has the self-signed certificate.

It might also be helpful to mention that I am using docker 1.0.0rc3-alpine.


#6

Kong 1.0.0 was just released today, would you try with that, to confirm it’s not working with the latest available Kong?


#7

I have a workaround going right now. I will update when I have a proper solution in place.