Syed, The certificate in the mentioned call is already UTF-8 encoded of the raw plain-text certificate. To make the api work I had to doubly encode the cert and key .
I guess it will be good to have this mentioned in the FS/docs as there is no UI for this and also a sample api call can help a lot. Thanks, Saksham -----Original Message----- From: Syed Ahmed [mailto:sah...@cloudops.com] Sent: Thursday, June 5, 2014 6:23 AM To: Saksham Srivastava Cc: Vijay Venkatachalam; dev@cloudstack.apache.org Subject: Re: Unable to upload SSL certificate Can you try to encode the certificate before passing it as the param? -Syed On Wed 04 Jun 2014 09:01:19 AM EDT, Saksham Srivastava wrote: > Adding Syed, > > I debugged the issue and here are my findings: > > The api is failing at CertServiceimpl: parseCertificate() > > return (Certificate) certPem.readObject(); > > readObject method is failing. > > I tried to use the certificate used in the test > runUploadSslCertSelfSignedWithPassword and other tests in > CertServiceTest.java The following is the api call: > > http://10.x.x.x:8096/client/api?command=uploadSslCert&certificate=---- > -BEGIN+CERTIFICATE-----%0AMIIDBjCCAe4CCQD5Q6qF5dVV0jANBgkqhkiG9w0BAQUF > ADBFMQswCQYDVQQGEwJB%0AVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW5 > 0ZXJuZXQgV2lkZ2l0%0AcyBQdHkgTHRkMB4XDTEzMTAyMTEzNTgwNFoXDTE0MTAyMTEzNT > gwNFowRTELMAkG%0AA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMG > EludGVybmV0%0AIFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC > AQoCggEB%0AAN%2F7lJtiEs68IC1ZPxY9NA34z9T4AU4LPS%2FkbQtuxx4X72XOBy%2By0 > cB%2FqdMD7JNV%0Ah8Mq4URDljhSDyVPdH%2F%2BjQr%2B7kWx2gNe2R%2FDCnd%2FmeVw > wU30JJvpGVZXt%2BMTef5N%0AQAbSfDMsuT4FaUY80InbDd24HelrjwunPdY9wwKXO6zL2 > fLjyDRediiydxcx18Vb%0ADq1cm7DRi4mNkmA3RwBQMhxGp3VsfXJ4Hy2WTRCCCxWHZphA > h3EUJGK3idum6%2F7j%0AHbAwpM%2Ft1kNWN8PZiYDZ1HbccgjmqB7Cub10BfB9g1RByiQ > %2FC87o5cKtQha3uuXR%0AiBcHISoDydQrgxKgUpiqEF0CAwEAATANBgkqhkiG9w0BAQUF > AAOCAQEASvulIaVb%0Azh8z2TysE6RFoYTAYIRXghFrmqCUyyQmUVTvs6vN8iaSXr%2BWM > QJcpgXewWcFrDhr%0AmIcyRCvF91ZYb7q6lMZFSpE6u%2FSUGIEtxGUDAfbkbQdKYmrMcb > ggUUIvSzgUFisO%0A Kr0H9PEO4AWtCCrtOJFc7jgu03Sv06wDxn9ghkyiBRnVkbAhoKfKnI179yKruJWR%0AA3ieEj0eFoUbeSH8hDkToj4ynpkAvEGoHjHG9j%2B8FJxy%2FPTjkyVPl1ykTs%2B2Jc1B%0ASnx8f2afdTenPWyyBm3wFuRZjEAJJLUO0kxM7E8hAwhGsr%2BXYanwcr1oA1dz6M3f%0Acq26lpjTH5ITwQ%3D%3D%0A-----END+CERTIFICATE-----%0A&privatekey=-----BEGIN+RSA+PRIVATE+KEY-----%0AProc-Type%3A+4%2CENCRYPTED%0ADEK-Info%3A+DES-EDE3-CBC%2CCCA6E4CB4C4039DD%0A%0ATaVCJtB0dE9xTZbX7GOaGJwwGHVAMjU1GbRIHf0jODdP%2BquZvbjklNqsw8Ozlia9%0Aq%2FG%2BUqtRJGlIPPLpce0YCrTo0P3eixZdMs0%2BhioAEJ4OLtL0SAC6b8q%2FgB6HRfAx%0ABvNg%2BumTqeF9YB68Tcuv%2F2g4VGKiaePQACyOzMdf7lGY7ojxoJCYZa1mfKb7jWrg%0AFLwmTtLLhNjb6CnOKo3klIef3A6zdutpgxF1gARzdRyXg4qCA3boYnwEptTOlJFu%0AovxbhDG9iuYYr4gXYSs1pLYptEC8J6iWpG%2Fqzkwfr4l5Cfg5uF00bbxQE5%2BWeRaj%0AYFicvXjB%2FkcoFZuCL7M%2FYRXYxkJ%2FEZ19xI9HZNBQ4L738StkSBKL4OhpF%2FqgYZ2y%0AZLRV6XT4AijUA0Ef7YTuUsTL7Qt9drj09gCtAzXTA7gpZBn5SqT9kWhuwSzY302l%0AKF8DIC6A52igk2QKPLbleM%2FV8eCu6n%2BJ4uF%2B0GwVRROuG7ThxAQiUlJKhoEYrndL%0AnzT7jHVLftjilhVWFu2On62bRf5t1QZuob%2B1AdK0ukvEI VsYnN4bnlAkc99Wi6C0%0AZJd9qW5L4A9XAC2gcjr3m0Rzw3RO%2Bk17faR8YfmTuJvGyBf5fnrSFoNkrninXQXp%0Ask0ajRi4PJ4XTswLyxjWRSt3egNsZBSKnVCibca%2FQoDEdZHSKXo2FlYiUYx8JHQX%0ASPUsLl9OQKC1W8%2F%2BReryqBLHCkiGEsvT8gVaXga0uhVaqe%2BPaVur2tbOHl4yCysC%0A%2BZlnKwsC84LQsUvpENdCh%2BD7E1I1Rao9IJMR6q9azKq8Ck63cOJ1fA9xSnxJGoCA%0AIlGLttlXrR32EtzYwEnlqf1nI%2FIqNQrAXQKrP5VPzHsgMFu5uD4OEZa92Q5cVTsz%0Aap%2F1UEqiJVYUt6nuA%2BaqOUlyjC0oNtYL%2FVO4DbHTFcHa8SI2cPSS6ebPMWPGHjUm%0Al9bWa6Q9iyplCYS6hinAVsAaLVjPi1Eu9Pc8rxFCmoiJYJju5NZuGI5UBK64dqcX%0AT6trWl0kB8QY63JtnrZaoStoSPImV5KVseUKDV8TM3Y76h1nLV3MSmAD1ivk9oKs%0AVKeVrDhZBWUq9Dqre%2F%2BlVGO0a2wo5VTR8hfpf8QkODPLeyNZNdfGKzkkFLuXa8V5%0AELhLQJ3FnbEU3NEvMwikV9MhP%2FELPTkZwJr%2FNKv%2B9JLs9eXtwz29I%2FQ8byQVrCCs%0AhAuDl0zHGRnqdpdSImeS2EXGx631zGMwSe8fhKelni5h6hXrXz52asr0k30BxWjf%0AWUn1uTInwVjWGy9B5j3mZlVDotFbvVAZgtR0IoFwihPl4VZd9oS13l%2BhMfrTy1YZ%0A8xFNg8ZqUQ0lSmKfOVqSBT0lP8tM8LuGxgY4cWluhsAQxR5Nl7wkundnqjcwEDDu%0AJz2rD54St1EZYGLDJZSfC7mpG2PgodsdeopQCTyFhHWa8s3caZ40GFOwaR%2B%2F5%2BYF %0A1oRvkR1Yr4qIS7KbX4xsaFfAA5b8QfLA74L05PAgDwKofam2GFAlAKHOcI6mexPq%0AaySON9MNdnXBNxs16mBJLzCX5ljQb0ilJildVEI3aVmABptM4ehEiw%3D%3D%0A-----END+RSA+PRIVATE+KEY-----%0A&password=test > > and the api fails with "Invalid Certificate format. Expected X509 certificate" > > Since all the tests pass, I am assuming a problem with the api encoding > format. > Can someone point to a working api call for the same. > > Thanks, > Saksham > > > -----Original Message----- > From: Sujaya Maiyya (Intern) [mailto:sujaya.mai...@citrix.com] > Sent: Tuesday, June 3, 2014 2:36 PM > To: dev@cloudstack.apache.org > Cc: Vijay Venkatachalam > Subject: Unable to upload SSL certificate > > Hi, > I am trying to upload an SSL certificate to Cloudstack using uploadSslCert > API since 4.3 version does not have UI support for the same. And I am getting > following exception: > Invalid Certificate format. Expected X509 certificate > > The certificate, private key and certificate-chain are URL encoded and sent > to the Cloudstack using a GET on 8096 port. On debugging, it was found that > some characters were missing from certificate after it was decoded from the > URL which is the cause of the exception. > > I am unable to figure out the reason, so can you please throw some light on > why are some characters missing after decoding the certificate from the URL? > > Thank you, > Sujaya >
