Handle with Tomcat Certificates

Hi Chef Community,

I am looking for a tip on handling Tomcat7 certificates. Basically, I
need to copy the Tomcat7 public certificate to other servers and import it
into Java cacerts. The problem is that I don't have SSH trust between these
servers.

Has anyone had this problem before?

Any tip will be appreciated.

Regards,

Eduardo

Hey Eduardo,
Methods that I have seen used in the past include:

  • Store the certificate in a Chef-managed entity (cookbook files, data bag)
    and have Chef drop it off
  • Use a Chef recipe to establish SSH trust between the necessary servers.

Tom Duffield — Automation Consulting Engineer

651.769.7497 – tom@opscode.com – my: LinkedIn http://www.linkedin.com/in/thomasduffield/
Twitter https://twitter.com/tomduffield

OPSCODE

CODE CAN
opscode.com http://www.opscode.com Blog http://www.opscode.com/blog/
Facebook http://www.facebook.com/opscode
Twitter http://www.twitter.com/opscode
YouTube http://www.youtube.com/opscode


Thanks Tom,

We are using data bags and files to store some certificates, but in this
case I need to create a self-signed certificate using the FQDN and import
it into the cacerts of the client machines.
This is challenging me: how to do it in a secure way. I was trying to avoid
creating a trust relationship between the server and clients, just for
security reasons.

Regards,

Eduardo


Could you drop off everything minus the self-signed portion using Chef and
just generate the rest during the Chef run?

Tom Duffield — Automation Consulting Engineer


Yes, I can do it. But how do I copy the certificates built during the Chef run
from one to the other?


You could have the recipe upload the certificate to a data bag? Then the
others could download the certificates as they get updated.

Tom Duffield — Automation Consulting Engineer


Yes, I can do it, but the point is the certificate file type: they
are binary files, so I need to transform them to text to save in a data bag
and transform them back to binary to use.
I am not sure if it works.

Eduardo


Could you store the binary file in a third-party storage provider (i.e.
Amazon S3) and store references to them in the data bag?

Tom Duffield — Automation Consulting Engineer


No, I cannot do it.
Maybe my option is to enable SSH trust between the servers only for the copy
and remove it before the recipe finishes.
Thanks for taking the time to help me.

Eduardo


On Mon, 28 Oct 2013 17:55:22 -0200 Eduardo Dias
eduardodiasbr@gmail.com wrote:

Yes i can do it, but the point is regarding the certificate file
type, they are binary files, then, I need to transform it to a text
to save in databag and transform it again to binary to use.
I am not sure if it works.

You can export the certificate to PEM format, store that in the data bag
(or in a node attribute) and then roll that out to the others via Chef.

Thanks Arnold.

I will try to export to PEM format. I tried to export with the base64
command, but it didn't work; maybe I missed something.

Thanks

Eduardo


We use data bags to store base64-encoded PKCS12 certificate bundles.
The following code is used to save the certificates locally in their
original binary form:

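    ruby_block "save certificate #{cert['cn']}" do
      block do
        require 'base64'
        # Decode the base64 text from the data bag item and write the binary PKCS12 bundle
        ::File.open(pfx_file_path, "wb") { |file| file.write(Base64.decode64(cert["pfx"])) }
        Chef::Log.info("Certificate #{cert['subject']} downloaded")
      end
      # Skip the write when the bundle is already on disk
      not_if { ::File.exist?(pfx_file_path) }
    end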

Going the other way around shouldn't be hard.

Hope this helps,

Sölvi Páll Á.
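
The PEM export suggested earlier in the thread and the "other way around" of the recipe above, as an added example that is not code from any poster: plain Ruby showing how a binary (DER) public certificate becomes a JSON-safe data bag item and is checked on the client before it is imported into cacerts. The FQDN `tomcat.example.internal`, the item keys `pem` and `sha256`, and all function names are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'
require 'digest'

# Constructed sample: a throwaway self-signed certificate standing in for the
# Tomcat one. The FQDN passed in is a placeholder, not a value from the thread.
def make_self_signed(fqdn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{fqdn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Server side: turn the binary certificate into a hash that survives JSON.
# Only the public certificate goes in; the private key stays on the server.
def to_data_bag_item(der_bytes, id)
  cert = OpenSSL::X509::Certificate.new(der_bytes)
  {
    'id' => id,
    'pem' => cert.to_pem, # text form, safe to store in a data bag
    # Stored next to the PEM, so it only detects encoding damage;
    # it is not an independent trust anchor.
    'sha256' => Digest::SHA256.hexdigest(cert.to_der)
  }
end

# Client side: parse the PEM, refuse anything unexpected, return DER bytes.
def from_data_bag_item(item, expected_fqdn)
  cert = OpenSSL::X509::Certificate.new(item['pem'])
  der = cert.to_der
  unless Digest::SHA256.hexdigest(der) == item['sha256']
    raise ArgumentError, 'certificate does not match recorded fingerprint'
  end
  cn = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
  raise ArgumentError, 'unexpected subject' unless cn && cn[1] == expected_fqdn
  raise ArgumentError, 'certificate expired' if cert.not_after < Time.now
  der
end

if __FILE__ == $PROGRAM_NAME
  fqdn = 'tomcat.example.internal'
  item = to_data_bag_item(make_self_signed(fqdn).to_der, 'tomcat_example_internal')
  stored = JSON.parse(JSON.generate(item)) # what a data bag round trip does
  puts "restored #{from_data_bag_item(stored, fqdn).bytesize} DER bytes"
end
```

On the client, write the returned bytes with `File.binwrite` and import that file with `keytool -importcert`. Since only the public certificate is in the item, no key material is exposed by storing it this way.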


Thank you Solvi.

I will check it and try to use it.

Regards,

Eduardo
