General discussion about Chef

[chef] Re: Re: Re: Re: Re: Re: Re: Handle with Tomcat Certificates


Chronological Thread 
  • From: Tom Duffield < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: Re: Re: Re: Handle with Tomcat Certificates
  • Date: Mon, 28 Oct 2013 15:06:36 -0500
could you store the binary file in a third party storage provider (i.e. amazon s3) and store references to them in the data bag?

Tom Duffield — Automation Consulting Engineer

651.769.7497 –  " style="color:rgb(105,117,130)" target="_blank">  – my: Linkedin  Twitter

OPSCODE

CODE CAN

opscode.com   Blog   Facebook   Twitter   YouTube


On Mon, Oct 28, 2013 at 2:55 PM, Eduardo Dias < " target="_blank"> > wrote:
Yes i can do it, but the point is regarding the certificate file type, they are binary files, then, I need to transform it to a text to save in databag and transform it again to binary to use.
I am not sure if it works.

Eduardo


2013/10/28 Tom Duffield < " target="_blank"> >
You could have the recipe upload the certificate to a data bag? Then the others could download the certificates as they get updated. 

Tom Duffield — Automation Consulting Engineer

651.769.7497 –  " style="color:rgb(105,117,130)" target="_blank">  – my: Linkedin  Twitter

OPSCODE

CODE CAN

opscode.com   Blog   Facebook   Twitter   YouTube


On Mon, Oct 28, 2013 at 1:06 PM, Eduardo Dias < " target="_blank"> > wrote:
Yes, I can do it. But how to copy the certificates built during chef run from one to other?


2013/10/28 Tom Duffield < " target="_blank"> >
Could you drop off everything minus the self-signed portion using Chef and just generate the rest during the Chef run?

Tom Duffield — Automation Consulting Engineer

651.769.7497 –  " style="color:rgb(105,117,130)" target="_blank">  – my: Linkedin  Twitter

OPSCODE

CODE CAN

opscode.com   Blog   Facebook   Twitter   YouTube


On Mon, Oct 28, 2013 at 12:37 PM, Eduardo Dias < " target="_blank"> > wrote:
Thanks Tom,

we are using databags and files to store some certificates, but in this case I need to create a self-signed certificate using the FQDN and import it in cacerts of clients machines.
This is challenging me, how to do it in a secure way. I was trying to avoid create a trust relationship between the server and clients, just for security reasons.

Regards,

Eduardo


2013/10/28 Tom Duffield < " target="_blank"> >
Hey Eduardo, 
Methods that I have seen used in the past include: 

- Store the certificate in Chef managed entity (cookbook files, data bag) and have Chef drop it off
- Use Chef recipe to establish SSH trust between the necessary servers. 


Tom Duffield — Automation Consulting Engineer

651.769.7497 –  " style="color:rgb(105,117,130)" target="_blank">  – my: Linkedin  Twitter

OPSCODE

CODE CAN

opscode.com   Blog   Facebook   Twitter   YouTube


On Mon, Oct 28, 2013 at 11:56 AM, Eduardo Dias < " target="_blank"> > wrote:
Hi Chef Community,

I am looking for a tip to handle with Tomcat7 certificates, basically I need to copy the Tomcat7 public certificate to other servers and import it in Java cacerts. The problem is that I dont´t have ssh trust between these servers.

Has anyone that had this problem before?

Any tip will appreciated.

Regards,

Eduardo




--

Atenciosamente,

Eduardo




--

Atenciosamente,

Eduardo




--

Atenciosamente,

Eduardo


Archive powered by MHonArc 2.6.16.

§