cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL cert format for cluster API Enpoint

pahofmann
DynaMight Guru
DynaMight Guru

Which format should the certs have when updating them via the /sslCertificate/store/{entityType}/{entityId} Endpoint of the Cluster Management API?

When using the same format as the UI upload I get:

IllegalArgumentException: Cannot decode private key. Error: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=111, too big."

 

Dynatrace Certified Master, AppMon Certified Master - Dynatrace Partner - 360Performance.net
2 REPLIES 2

Radoslaw_Szulgo
Dynatrace Guru
Dynatrace Guru

I've generated certs like that:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem


format is :

.pem – (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"

Example call:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Api-Token QwybepszSWasAwp7Kh-gB' -d '{"certificateChainEncoded":"","privateKeyEncoded":"-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvABFXcNCBdcZ7\nyEVx1o2ue3+B5xXpxYsyPjuEW42gzaif0R4UAv+zn4uRTWsaB28EX/DW5sdTm+eK\nMiZ++56q/5HmkaF99u4zwlWpcYE4gxC9s/iZ1IYMmvGOsH2wdlXLV27YQqhg+T2Y\nxzENJJtvReYwWY7K+brSHg843cYS3zAiQyo/U7VgD7DeX/X8LqyBdTqDokQwvHDk\nYZrvssd84fnS6ic4pH6e1iZJ1s+/6/XIM71KpZhAb80f/WUF19jcCDcIc4WjULua\ny6Yt/3RCLDe1kVN5JxmWiYgl3IwcjwhPugFJpoLYHH0R+THNfLt/9APutqvi7rDj\n83R+83f/AgMBAAECggEANeeEb/W9FBOOJvTCh1U6YSODXCUtN8v0m25V8OgukPio\nV0oXxLxDvTWIzSIWunbNuIBA9EEz5sogIQ5fkz+4WR3N+EKlhuJ37xOORVpEHn8o\nufZkviWbgOh9PaGZpbBdrvvolc66hNxhH91De7Pp+PWD+SKs/FK+PBisQaz2ZTs9\nzjKy3xlIUfjY2OI8WtHfD7YeC9GxiJ5sa5eNgB9Ua6kfA4spk/hopuK7e0PluiUv\n9PJsxqLzmdbcUKEjwrfZL/8rwwP/Bf0GB6XqZtUpdReUqYZDJkmntKhhzQovi6SC\nwHExwVoLWEn3lJyUx0iPXOsvF7s5G1dr8sLT6IA/8QKBgQDejXg1KS/dfTB8wt1K\nfxUPz6ZmLlBHCj1nYUBLojh0VPfK9MgXRxWWPd8sIPkgbQL0IkS+MflQ1C++AcF1\nxMRxmbkL0VFD/t59+E9PQhS3j+3NB+VrEJHFthsky6/a2AD3BOEPiV6SJMXsEKKo\nua0/Nqrwv8ob2jYcqMbAEFQndwKBgQDJTQ9sa9oR84U+aH+SlOZ06w/znoIShv1h\nuVszBvVkJi7oafgMEvYWsAdRottDRw3bfPE+neuRqZ9bqDCKrfnm9oU+2Aay/Tp0\nde/AqZk+GCa7HYkM/MssToFAkw0LfFPA2suGXtol9VQOof87R04z64MUY5yE/nr7\nTbE+HDdluQKBgATBEOhR0OvyWK7RmtiUjmagEPXt11ktJtKmiTEUbhBOIFz9jaix\npAxplfLjYW8H5SBB+yX0+1Z2se5lKzTQ10F1/zX5arsBHs+iFk+jIb4qHPJcUNJQ\nsEyA72OB1mfeZWbhe81RKewFTRUV5eOk08ad7FjoP/EIYE+Ma3J+5s1RAoGAB0nw\nBgf9tGqx52mXPPKBSbh9MmAJ66vRnuk8QSO+XOr5BddYcO9606V6Dl2sPMpk2Q60\nGYVUU0jmCUaUw2C7TL6eYoEl9PMwW6ktjjdV4iazuFDAdqTsomURTwpEDadpzPDf\nL7VdhsRUT9dTy4ywazba3zEgKLyiLVlJ0qro4pkCgYEA3HzHiAAWstEnFx0/qf0C\npRclHtS+HgXs2YZ1s6cjhoPQEQkxoalGjP7PaemmzOHTTmGX9T1enZs2jCSvZJGv\n81Mj/inOQhQDjNNacyuVpAOrHJAgZFw3whGhYF7cxfG3DY8xk57yN4u5DEUp1aCK\n3cbYxO5g9tx7JJ4OaaTdZbs=\n-----END PRIVATE KEY-----\n","publicKeyCertificateEncoded":"-----BEGIN CERTIFICATE-----\nMIIELTCCAxWgAwIBAgIJAPxh87akGJvOMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD\nVQQGEwJQTDEMMAoGA1UECAwDUG9tMQ8wDQYDVQQHDAZHZGFuc2sxEjAQBgNVBAoM\nCUR5bmF0cmFjZTEMMAoGA1UECwwDRGV2MS4wLAYDVQQDDCXDgsKUY2F3NzczLm1h\nbmFnZWQtc3ByaW50LmR5bmFsYWJzLmlvMSwwKgYJKoZIhvcNAQkBFh1yYWRvc2xh\ndy5zenVsZ29AZHluYXRyYWNlLmNvbTAeFw0xODAzMjkxMjAzMzFaFw0xOTAzMjkx\nMjAzMzFaMIGsMQswCQYDVQQGEwJQTDEMMAoGA1UECAwDUG9tMQ8wDQYDVQQHDAZH\nZGFuc2sxEjAQBgNVBAoMCUR5bmF0cmFjZTEMMAoGA1UECwwDRGV2MS4wLAYDVQQD\nDCXDgsKUY2F3NzczLm1hbmFnZWQtc3ByaW50LmR5bmFsYWJzLmlvMSwwKgYJKoZI\nhvcNAQkBFh1yYWRvc2xhdy5zenVsZ29AZHluYXRyYWNlLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAK8AEVdw0IF1xnvIRXHWja57f4HnFenFizI+\nO4RbjaDNqJ/RHhQC/7Ofi5FNaxoHbwRf8Nbmx1Ob54oyJn77nqr/keaRoX327jPC\nValxgTiDEL2z+JnUhgya8Y6wfbB2VctXbthCqGD5PZjHMQ0km29F5jBZjsr5utIe\nDzjdxhLfMCJDKj9TtWAPsN5f9fwurIF1OoOiRDC8cORhmu+yx3zh+dLqJzikfp7W\nJknWz7/r9cgzvUqlmEBvzR/9ZQXX2NwINwhzhaNQu5rLpi3/dEIsN7WRU3knGZaJ\niCXcjByPCE+6AUmmgtgcfRH5Mc18u3/0A+62q+LusOPzdH7zd/8CAwEAAaNQME4w\nHQYDVR0OBBYEFFmVwgdV+pI18nxngIyOgjAltBw3MB8GA1UdIwQYMBaAFFmVwgdV\n+pI18nxngIyOgjAltBw3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nABSqjypai7Z/IRZM9LTzlkH+8SxvlcRFj+1rWRPKebDlcXykDp5kPLnbhdBRs6b2\nrhk4SMq2MRZEV2b9FUXftAvf4TYLFQKf2xFMVYIJGFtX7LuiuvlIsIzfaKWeY2M3\nHi1/v7msqHXb88ULkkAYcF/KxkAoWfEw93TTrgJK5mk0Qs7aRuuy91eAzmSXNluW\n1ZmuZUDwjpZBj6V/bfR2buya98csP8uLPP5PpbrixaJGOiECA5ZWV6Ey4bgVa6Nn\nrWeb0XXqn4fChzx/SW5SgvkZxrPLW/l+ZdZ2J2mRFAXp/ES73Vrp+6nxceUJKHkJ\nx6P0Qe8oUfcHOryODwon+l0=\n-----END CERTIFICATE-----\n"}' 'https://10.176.40.112/api/v1.0/onpremise/sslCertificate/store/SERVER/1'


Hope that helps!


Senior Product Manager,
Dynatrace Managed expert

Thanks my problem was making a one liner out of the certs, not replacing the line breaks with \n.


Dynatrace Certified Master, AppMon Certified Master - Dynatrace Partner - 360Performance.net

Featured Posts