Adding Certificate Does Not Create SNI

Questions
1

I am attempting to add a SSL certificate to Kong 1.0 and I am not getting this to work as expected. I add the certificate with:

curl -i -m 60 -X POST http://localhost:8001/certificates -F "cert=$(cat cert.pem)" -F "key=$(cat key.pem)" -F "snis=domain.net"

Then I get this response:

{
    "created_at": 1422386534,
    "cert": "-----BEGIN CERTIFICATE-----...",
    "key": "-----BEGIN RSA PRIVATE KEY-----..."
    "snis": [ ]
}

I do not seem to be getting the certificate id or creating the SNI. Am I doing something wrong here?

2

Hello @Darrell_Henderson,

It looks like you’re passing the snis field as a string and not as an array. Alternatively, you can add the sni for a given certificate separately in its own /snis endpoint

3

Thanks, @Raimon_Grau,

I have tried passing in multiple SNI’s separated by commas, and I get the same response. I also can not use the /snis endpoint because I am not given a certificate id. Attempting to find the certificate id with GET /certificates gives me similar data.

4

Could you try with this format for passing arrays: -F "snis[]=domain.net". This should send the parameter formated as an array.

Still, very strange that you’re not getting the “id” back (can’t reproduce that behavior in 1.0.0).

5

Ahh that did it. Using the array format it added the SNI and when I look at the GET /snis there is a certificate ID. However no cigar. My connection still has the self signed certificate.

It might also be helpful to mention that I am using docker 1.0.0rc3-alpine.

6

Kong 1.0.0 was just released today, would you try with that, to confirm it’s not working with the latest available Kong?

7

I have a work around going right now. I will update when I have a proper solution in place.

8

Having the same problem on Kong CE 1.3.0:

Adding a new certificate with -F “snis=example.tld, example2.tld,example3.tld” (as found in the docs) does not add the snis object, it stays empty.

Adding a certificate with -F “snis[]=example.tld” -F “snis[]=example2.tld” -F “snis[]=example3.tld” does only save the last array entry (“example3.tld”) as a snis object.

So how do I correctly add a new certificate with several entries in a snis object? (using urlencoded (–data) does not work while I use files as input for cert and key)

9

Ok, I finally found a solution that is working:

curl -X POST -F "cert=@/path/to/cert.pem" -F "key=@/path/to/key.pem" -F "snis[0]=example.tld" -F "snis[1]=example2.tld" -F "snis[2]=example3.tld"

So it seems as if I have to explicitly state the array index. At least this works (for anyone coming by here with the same probs).

1 Like