How to add certificates and sni’s in kong dbless config
I am adding like -
certificates:
- name: cert
cert: “-----BEGIN CERTIFICATE-----
something==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
something=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
something=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
something=
-----END CERTIFICATE-----”
key: “-----BEGIN PRIVATE KEY-----
something=
-----END PRIVATE KEY-----”
snis:
- name: "one.example.com"
certificate:
- name: cert
- name: "two.example.com"
certificate:
- id: cert
But this is giving errror
how to add certificates, how to encode it
how to add sni’s and link them to certificates
narate
November 17, 2019, 12:03pm
2
Thanks @narate
But i am getting this error
2019/11/17 12:35:49 [error] 1#0: init_by_lua error: /usr/local/share/lua/5.1/kong/init.lua:469: error parsing declarative config file /kong_dbless/kong.yml:
in 'certificates':
- in entry 1 of 'certificates':
in 'key': invalid key: pkey.new: tasn_dec.c:1130:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
in 'cert': invalid certificate: x509.cert.new: asn1_lib.c:101:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
I am adding certificate like
certificates:
- cert: "-----BEGIN CERTIFICATE----- MIIG...YuFfvvdg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGEzCCA/ugAw...zlIPK1aEn8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFdzCCBF...xyHNwu8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIENj...CCAx6g= -----END CERTIFICATE-----"
key: "-----BEGIN PRIVATE KEY----- MIIJQwIBADAN...BgkqhkiGo= -----END PRIVATE KEY-----"
snis:
- name: energy.zenatix.com
I tried both with and without spaces / blanks / newlines in both cert and key, but it’s not working and giving the same error.
narate
November 17, 2019, 12:54pm
4
For single line cert
and key
must have \n
for new line, but we can use multi line syntax in YAML
e.g.
- cert: |
-----BEGIN CERTIFICATE-----
.....
Thanks @narate , this worked flawlessly. Thanks a lot.