[chef] Re: Re: Re: Re: Re: Re: Re: Re: Re: Handle with Tomcat Certificates

[Sölvi Páll Ásgeirsson < >]

We use data bags to store base64-encoded PKCS12 certificate bundles.

The following code is used to save the certificates locally in their original binary form:

  ruby_block "save certificate #{cert['cn']}" do

    block do

      require 'base64'

      ::File.open(pfx_file_path, "wb") { |file| file.write(Base64.decode64 cert["pfx"]) }

      Chef::Log.info("Certificate #{cert['subject']} downloaded")

    end

    not_if { ::File.exists? pfx_file_path }

  end

Going the other way around shouldn't be hard.

Hope this helps,

Sölvi Páll Á.

On Mon, Oct 28, 2013 at 8:34 PM, Eduardo Dias < " target="_blank"> > wrote:

Thanks Arnold.

I will try to export to pem format, I have tried to export with base64 command, but didn´t work, maybe I have missed some.

Thanks

Eduardo

2013/10/28 Arnold Krille < " target="_blank"> >

On Mon, 28 Oct 2013 17:55:22 -0200 Eduardo Dias
< " target="_blank"> > wrote:
> Yes i can do it, but the point is regarding the certificate file
> type, they are binary files, then, I need to transform it to a text
> to save in databag and transform it again to binary to use.
> I am not sure if it works.

You can export the certificate to pem-format, store that in the databag
(or in a node-attribute) and then roll that out to the others via chef.

--

Atenciosamente,

Eduardo