VMware Cloud Community
APJ7033
Enthusiast

Automating "Add Key"

Hi

We use certificate authentication for many of our systems. So for all my REST Hosts I need to add a private key to a keystore. If I manually run the workflow "Add Key" and then create a REST Host that uses the private key, everything works as expected when I do my REST calls.

What I am trying to do is automate the "Add Key" workflow. So I created a customized version of the workflow. The main difference is that I am retrieving the PEM-encoded cert and key chain from a Resource Element with a MIME type of text/string. Now if I create a REST Host using this key, my REST calls are not authorized. This leads me to believe something is going wrong when I am adding my key. The only thing that seems different between what I am doing and what the "Add Key" workflow is doing is that, in the presentation of the workflow, the input for the cert is multi-line.

0 Kudos
2 Replies
qc4vmware
Virtuoso

Can you provide a sample of your workflow?

0 Kudos
APJ7033
Enthusiast

Sending sample code from my environment is a little tricky. I did, however, manage to work around my issue. Here is a high-level summary of what I was doing that did not work and what I did to make it work.

1) Search for the top-level keystore and assign it to an attribute (pKeyStore)

2) Create a child keystore using the above attribute (pKeyStore) and assign that to an attribute (cKeyStore)

3) Using cKeyStore create a new key for private key1

4) Using cKeyStore create a new key for private key2

In my instance, key2 would never be able to set up an SSL connection. What ended up working for me is as follows:

1) Search for the top-level keystore and assign it to an attribute (pKeyStore)

2) Create a child keystore using the above attribute (pKeyStore) and assign that to an attribute (cKeyStore1)

3) Using cKeyStore1 create a new key for private key1

4) Create a child keystore using the above attribute (pKeyStore) and assign that to an attribute (cKeyStore2)

5) Using cKeyStore1 create a new key for private key2

It would almost seem as if somehow, during the creation of key2 in the first instance, I corrupted the key. But the workaround works and I am now able to automate my REST Host creation with certificate authentication.

0 Kudos