ssl_certificate-cookbook icon indicating copy to clipboard operation
ssl_certificate-cookbook copied to clipboard

Published 20 hours ago verified publisher icon zuazo

Creating a PEM file containing both cert and private key?

Open jayhendren opened this issue 7 years ago • 3 comments

Is there a way to use the ssl_certificate cookbook to create a PEM file containing the signed certificate, intermediate certs (if any), and private key, in that order? I'm trying to write a cookbook to configure some HAProxy instances, and HAProxy needs the certs and key to live in a PEM file together. We already use ssl_certificate to manage SSL certs for other applications and generate self-signed certs in TestKitchen, so I was hoping to use it for HAProxy too.

jayhendren avatar Mar 21 '17 17:03 jayhendren

No, currently. Although I do not think that it will be difficult to add it to the cookbook.

But I have some doubts about how we can implement the interface. How do you expect it to work? I mean, adding a property to the resource and generating only the pem file, generating both the cert&key and pem, ...?

Of course, please, send me a PR if you try to implement it.

zuazo avatar Mar 24 '17 12:03 zuazo

I'm not sure of how it should be implemented, but here are a couple thoughts:

  • new resource(s) that takes existing certs/keys as input properties and converts them (e.g. pkcs12 to pem or vice-versa) and/or adds them to new or existing .pem or .p12 container files
  • more properties on the existing resource for controlling whether the cert/key are output as one .pem file containing all certs/keys or output as one file per cert/key

jayhendren avatar Mar 24 '17 19:03 jayhendren

The certificate cookbook has the boolean properties combined_file and nginx_cert to achieve this.

hrak avatar Sep 28 '18 11:09 hrak