Certificate Object in Kong Db-less Mode

OS: Ubuntu 18.04
Kong version: 2.4.0

I was trying to put a certificate's cert and key, with snis for my DNS, in the kong.yaml.

I generated the cert and key values using three different CLI tools: mkcert, openssl, and certbot.
e.g.:
Using certbot
sudo certbot certonly -d '*.gps-server.test' --manual --preferred-challenges dns

Using mkcert
mkcert '*.gps-server.link'

Using openssl, following the link below

https://support.konghq.com/support/s/article/How-to-setup-Kong-to-serve-an-SSL-certificate-for-API-requests

Object style 1:

certificates: 
- cert: "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----"
  key: "-----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----"
  snis: 
    - 'api.gps-server.test'

Object style 2:

certificates: 
- cert: "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----"
  key: "-----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----"
  snis: 
    - name: 'api.gps-server.test'

Object style 2 gives "certificate cert & key are invalid".

Object style 1 gives the error below:

jwk decode failed: error decoding JSON from JWK: Expected value but found invalid number at character 1, continuing

If anyone has faced the same issue and resolved it somehow, please help.

Thanks

Below is how you write certificate and SNI objects, tested on 2.4.1 version.

certificates:
- cert: |-
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  key: |-
    -----BEGIN EC PRIVATE KEY-----
    -----END EC PRIVATE KEY-----
  snis:
  - name: '*.gps-server.test'

When you are stuck writing declarative config, it might be a good idea to use a DB-backed Kong to create the objects first and then use decK to dump the config.
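
A sketch of producing the layout from the answer above out of PEM text, as an added example that is not part of the original thread or Kong's own tooling: it checks that the PEM still has its line breaks, then emits `|-` block scalars and single-quoted SNI names. The function names and the sample PEM bodies are constructed for illustration.

```python
import base64
import re

# BEGIN line, base64 body lines, END line with the same label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n([A-Za-z0-9+/=\n]+?)\n-----END \1-----")

def check_pem(text, suffix):
    """Return normalized PEM text; reject input whose line breaks were lost."""
    text = text.replace("\r\n", "\n").strip()
    blocks = PEM_RE.findall(text)
    if not blocks or PEM_RE.sub("", text).strip():
        raise ValueError("PEM markers and body must sit on their own lines")
    for label, body in blocks:
        if not label.endswith(suffix):
            raise ValueError(f"expected a {suffix} block, found {label}")
        base64.b64decode(body.replace("\n", ""), validate=True)  # raises if corrupt
    return text

def block_scalar(text, indent):
    """Indent each PEM line so it sits inside a YAML '|-' block scalar."""
    return "\n".join(" " * indent + line for line in text.split("\n"))

def render_certificates(cert_pem, key_pem, snis):
    """Build a 'certificates:' section in the layout shown in the answer."""
    cert = check_pem(cert_pem, "CERTIFICATE")
    key = check_pem(key_pem, "PRIVATE KEY")
    out = ["certificates:", "- cert: |-", block_scalar(cert, 4),
           "  key: |-", block_scalar(key, 4), "  snis:"]
    for name in snis:
        # Quote every name: an unquoted leading '*' is YAML alias syntax.
        out.append("  - name: '%s'" % name.replace("'", "''"))
    return "\n".join(out) + "\n"

# Constructed placeholder bodies: valid base64, not real certificate or key data.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN EC PRIVATE KEY-----\nUExBQ0VIT0xERVI=\n-----END EC PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(render_certificates(SAMPLE_CERT, SAMPLE_KEY, ["*.gps-server.test"]))
```

Since the output contains the private key, write it to a file readable only by the account that runs Kong.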

Thanks for the help…

I’m curious, but isn’t this (DB-less mode) a feature of Kong? So why is there no proper documentation or
a proper example of how to write a Kong DB-less template in Kong’s documentation? Searching for hours and not being able to find any information about these YAML examples is really frustrating.

Thanks again for the help, really appreciated.