Dbless config certificate and sni

How to add certificates and sni’s in kong dbless config

I am adding like -
certificates:
- name: cert
cert: “-----BEGIN CERTIFICATE-----
something==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
something=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
something=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
something=
-----END CERTIFICATE-----”
key: “-----BEGIN PRIVATE KEY-----
something=
-----END PRIVATE KEY-----”

snis:
  - name: "one.example.com"
    certificate:
      - name: cert
  - name: "two.example.com"
    certificate:
      - id: cert

But this is giving errror

  1. how to add certificates, how to encode it
  2. how to add sni’s and link them to certificates

Hello @deepaksood619 take a look at this post How to set Certificates and SNIs in Kong DB-less

Thanks @narate

But i am getting this error

2019/11/17 12:35:49 [error] 1#0: init_by_lua error: /usr/local/share/lua/5.1/kong/init.lua:469: error parsing declarative config file /kong_dbless/kong.yml:
in 'certificates':
  - in entry 1 of 'certificates':
    in 'key': invalid key: pkey.new: tasn_dec.c:1130:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
    in 'cert': invalid certificate: x509.cert.new: asn1_lib.c:101:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

I am adding certificate like

certificates:
   - cert: "-----BEGIN CERTIFICATE----- MIIG...YuFfvvdg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGEzCCA/ugAw...zlIPK1aEn8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFdzCCBF...xyHNwu8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIENj...CCAx6g= -----END CERTIFICATE-----"
     key: "-----BEGIN PRIVATE KEY----- MIIJQwIBADAN...BgkqhkiGo= -----END PRIVATE KEY-----"
     snis:
     - name: energy.zenatix.com

I tried both with and without spaces / blanks / newlines in both cert and key, but it’s not working and giving the same error.

For single line cert and key must have \n for new line, but we can use multi line syntax in YAML

e.g.

- cert: |
 -----BEGIN CERTIFICATE----- 
.....

Thanks @narate, this worked flawlessly. Thanks a lot. :grin:


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ