Adding Certificate Does Not Create SNI

I am attempting to add an SSL certificate to Kong 1.0 and I am not getting this to work as expected. I add the certificate with:

curl -i -m 60 -X POST http://localhost:8001/certificates -F "cert=$(cat cert.pem)" -F "key=$(cat key.pem)" -F "snis=domain.net"

Then I get this response:

{
    "created_at": 1422386534,
    "cert": "-----BEGIN CERTIFICATE-----...",
    "key": "-----BEGIN RSA PRIVATE KEY-----..."
    "snis": [ ]
}

I do not seem to be getting the certificate id or creating the SNI. Am I doing something wrong here?

Hello @Darrell_Henderson,

It looks like you’re passing the snis field as a string and not as an array. Alternatively, you can add the sni for a given certificate separately in its own /snis endpoint.

Thanks, @Raimon_Grau,

I have tried passing in multiple SNIs separated by commas, and I get the same response. I also cannot use the /snis endpoint because I am not given a certificate id. Attempting to find the certificate id with GET /certificates gives me similar data.

Could you try with this format for passing arrays: -F "snis[]=domain.net". This should send the parameter formatted as an array.

Still, very strange that you’re not getting the “id” back (can’t reproduce that behavior in 1.0.0).

Ahh that did it. Using the array format it added the SNI and when I look at the GET /snis there is a certificate ID. However no cigar. My connection still has the self-signed certificate.

It might also be helpful to mention that I am using docker 1.0.0rc3-alpine.

Kong 1.0.0 was just released today, would you try with that, to confirm it’s not working with the latest available Kong?

I have a workaround going right now. I will update when I have a proper solution in place.

Having the same problem on Kong CE 1.3.0:

Adding a new certificate with -F "snis=example.tld, example2.tld,example3.tld" (as found in the docs) does not add the snis object, it stays empty.

Adding a certificate with -F "snis[]=example.tld" -F "snis[]=example2.tld" -F "snis[]=example3.tld" saves only the last array entry ("example3.tld") as a snis object.

So how do I correctly add a new certificate with several entries in a snis object? (using urlencoded (--data) does not work while I use files as input for cert and key)

Ok, I finally found a solution that is working:

curl -X POST http://localhost:8001/certificates -F "cert=@/path/to/cert.pem" -F "key=@/path/to/key.pem" -F "snis[0]=example.tld" -F "snis[1]=example2.tld" -F "snis[2]=example3.tld"

So it seems as if I have to explicitly state the array index. At least this works (for anyone coming by here with the same probs).

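Added example, not part of any post in this thread and not Kong's own code: it builds the explicitly indexed `snis[N]` form fields from the last post and checks the Admin API reply, since both failures reported above (empty `snis`, only the last entry saved) were silent. The function names are hypothetical, the sample replies are constructed, and the reply's `snis` field is assumed to be a list of hostnames as in the first post.

```python
import json

ADMIN_URL = "http://localhost:8001/certificates"  # Admin API address used in the thread

def sni_form_fields(snis):
    """One form field per hostname with an explicit index: snis[0]=..., snis[1]=..."""
    return [f"snis[{i}]={host}" for i, host in enumerate(snis)]

def curl_argv(cert_path, key_path, snis, url=ADMIN_URL):
    """argv for the curl call from the thread; run it as a list via subprocess.run (no shell)."""
    argv = ["curl", "-sS", "-m", "60", "-X", "POST", url,
            "-F", f"cert=@{cert_path}", "-F", f"key=@{key_path}"]
    for field in sni_form_fields(snis):
        argv += ["-F", field]
    return argv

def check_response(body, expected_snis):
    """Return the problems found in the JSON reply; an empty list means every SNI was stored."""
    reply = json.loads(body)
    problems = []
    if not reply.get("id"):
        problems.append("no certificate id returned")
    stored = set(reply.get("snis") or [])  # assumption: list of hostname strings
    missing = [host for host in expected_snis if host not in stored]
    if missing:
        problems.append("SNIs not stored: " + ", ".join(missing))
    return problems

WANTED = ["example.tld", "example2.tld", "example3.tld"]

# Constructed sample replies; the id is a placeholder, not a real certificate id.
PLACEHOLDER_ID = "00000000-0000-0000-0000-000000000000"
REPLY_EMPTY = '{"created_at": 1422386534, "snis": []}'
REPLY_LAST_ONLY = json.dumps({"id": PLACEHOLDER_ID, "snis": ["example3.tld"]})
REPLY_OK = json.dumps({"id": PLACEHOLDER_ID, "snis": WANTED})

if __name__ == "__main__":
    print(" ".join(curl_argv("/path/to/cert.pem", "/path/to/key.pem", WANTED)))
    for name, body in [("empty", REPLY_EMPTY), ("last only", REPLY_LAST_ONLY), ("ok", REPLY_OK)]:
        print(name, "->", check_response(body, WANTED) or "all SNIs stored")
```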