Auto provisioning certificates

Berg · March 12, 2024, 4:14pm

So I’m setting up auto-provisioning in OR.

However, I am struggling with the certificates, I keep getting the message “certifcate invalid” over the provisioning topic.

I have created a CA and used it for the creation of a couple of client certificates with a unique id.
CA certificate → into the Manager ui Auto provisioning tab

publishing to provisioning/#unique_id#/request:

{
“type”: “x509”,
“cert”: “------#ca certificate#-----#client certificate with unique id in cn#------ ”
}

Since the tuturial says: “The cert field should be in PEM format and must contain the certificate chain up to and including the CA certificate registered within OpenRemote.”

I’ve tried it with both certificates and the client certificate only, without succes.

What am I missing here ?
Thanks in advance

Berg · March 13, 2024, 9:29am

So I found my own solution here.

The challenge lies within formatting the .pem certificate chain in a one line json string format.

awk ‘NF {sub(/\r/, “”); printf “%s\n”,$0;}’ cert-name.pem

will result in the correct format

https://docs.vmware.com/en/Unified-Access-Gateway/3.10/com.vmware.uag-310-deploy-config.doc/GUID-870AF51F-AB37-4D6C-B9F5-4BFEB18F11E9.html

Rich · March 13, 2024, 12:11pm

Glad to hear you figured out a solution, JSON encoding can be a bit tricky. I will include a reference to formatting the PEM certificate in the wiki page.

system · June 11, 2024, 12:12pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.