Handling Tomcat Certificates


#1

Hi Chef Community,

I am looking for a tip on handling Tomcat7 certificates. Basically, I
need to copy the Tomcat7 public certificate to other servers and import it
into the Java cacerts. The problem is that I don't have SSH trust between these
servers.

Has anyone had this problem before?

Any tip will be appreciated.

Regards,

Eduardo


#2

Hey Eduardo,
Methods that I have seen used in the past include:

  • Store the certificate in a Chef-managed entity (cookbook files, data bag)
    and have Chef drop it off
  • Use a Chef recipe to establish SSH trust between the necessary servers.

Tom Duffield — Automation Consulting Engineer

651.769.7497 – tom@opscode.com
LinkedIn http://www.linkedin.com/in/thomasduffield/
Twitter https://twitter.com/tomduffield

OPSCODE – CODE CAN
opscode.com http://www.opscode.com – Blog http://www.opscode.com/blog/
Facebook http://www.facebook.com/opscode
Twitter http://www.twitter.com/opscode
YouTube http://www.youtube.com/opscode


#3

Thanks Tom,

We are using data bags and files to store some certificates, but in this
case I need to create a self-signed certificate using the FQDN and import
it into the cacerts of the client machines.
The challenge for me is how to do it in a secure way. I was trying to avoid
creating a trust relationship between the server and the clients, just for
security reasons.

Regards,

Eduardo


#4

Could you drop off everything minus the self-signed portion using Chef and
just generate the rest during the Chef run?

Tom Duffield — Automation Consulting Engineer


#5

Yes, I can do it. But how do I copy the certificates built during the Chef run
from one to the other?

Regards,

Eduardo


#6

You could have the recipe upload the certificate to a data bag? Then the
others could download the certificates as they get updated.

Tom Duffield — Automation Consulting Engineer


#7

Yes, I can do it, but the issue is the certificate file type: they
are binary files, so I need to transform them to text to save in a data bag
and transform them back to binary to use them.
I am not sure if it works.

Eduardo


#8

Could you store the binary file in a third-party storage provider (i.e.
Amazon S3) and store references to them in the data bag?

Tom Duffield — Automation Consulting Engineer


#9

No, I cannot do it.
Maybe my option is to enable SSH trust between the servers only for the copy
and remove it before the recipe finishes.
Thanks for taking the time to help me.

Eduardo


#10

On Mon, 28 Oct 2013 17:55:22 -0200 Eduardo Dias
eduardodiasbr@gmail.com wrote:

> Yes i can do it, but the point is regarding the certificate file
> type, they are binary files, then, I need to transform it to a text
> to save in databag and transform it again to binary to use.
> I am not sure if it works.

You can export the certificate to pem-format, store that in the databag
(or in a node-attribute) and then roll that out to the others via chef.
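
The binary-to-text round trip asked about above, as an added example that is not part of the original thread: a DER certificate is exported to PEM, stored in a data-bag-shaped hash, and restored on the client with checks before import. The item layout (`id`, `fqdn`, `pem`, `sha256`), the function names and the host name `tomcat.example.internal` are assumptions for illustration, and the certificate is constructed inline as sample input.

```ruby
require 'openssl'
require 'json'
require 'digest'

# Constructed sample input: a throwaway self-signed certificate for `fqdn`.
# On a real Tomcat server the existing certificate would be exported instead.
def make_self_signed(fqdn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', fqdn]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Server side: binary DER in, text-only item out (hypothetical item layout).
# Only the public certificate is stored; the private key stays on the server.
def to_data_bag_item(fqdn, der_bytes)
  cert = OpenSSL::X509::Certificate.new(der_bytes)
  {
    'id' => fqdn.tr('.', '_'),
    'fqdn' => fqdn,
    'pem' => cert.to_pem,
    'sha256' => Digest::SHA256.hexdigest(cert.to_der)
  }
end

# Client side: rebuild the DER bytes and validate them before they are written
# to disk and imported into cacerts. The stored digest sits next to the PEM, so
# it catches encoding damage, not a deliberately replaced item.
def from_data_bag_item(item, expected_fqdn)
  pem = item.fetch('pem')
  raise ArgumentError, 'item contains private key material' if pem.include?('PRIVATE KEY')

  cert = OpenSSL::X509::Certificate.new(pem)
  der = cert.to_der
  digest_ok = Digest::SHA256.hexdigest(der) == item.fetch('sha256')
  raise ArgumentError, 'fingerprint mismatch' unless digest_ok

  cn = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }&.fetch(1)
  raise ArgumentError, "unexpected subject CN #{cn.inspect}" unless cn == expected_fqdn

  valid_now = (cert.not_before..cert.not_after).cover?(Time.now)
  raise ArgumentError, 'certificate is outside its validity period' unless valid_now

  der
end

# Full trip: DER -> item -> JSON (how a data bag item is stored) -> item -> DER.
def round_trip(fqdn)
  original_der = make_self_signed(fqdn).to_der
  item = JSON.parse(JSON.generate(to_data_bag_item(fqdn, original_der)))
  restored_der = from_data_bag_item(item, fqdn)
  { item: item, identical: restored_der == original_der }
end

if __FILE__ == $PROGRAM_NAME
  result = round_trip('tomcat.example.internal')
  puts "byte-identical after round trip: #{result[:identical]}"
  puts "sha256: #{result[:item]['sha256']}"
end
```

`keytool -importcert` reads PEM as well as DER, so a client can also write `item['pem']` straight to a file; the DER bytes matter where a consumer insists on the binary form.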


#11

Thanks Arnold.

I will try to export to PEM format. I tried to export with the base64
command, but it didn't work; maybe I missed something.

Thanks

Eduardo

2013/10/28 Arnold Krille arnold@arnoldarts.de

You can export the certificate to pem-format, store that in the databag
(or in a node-attribute) and then roll that out to the others via chef.


#12

We use data bags to store base64-encoded PKCS12 certificate bundles.
The following code is used to save the certificates locally in their
original binary form:

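    # `cert` and `pfx_file_path` are defined elsewhere in the recipe.
    ruby_block "save certificate #{cert['cn']}" do
      block do
        require 'base64'
        # Decode the base64 text from the data bag back into the binary bundle.
        ::File.open(pfx_file_path, 'wb') { |file| file.write(Base64.decode64(cert['pfx'])) }
        Chef::Log.info("Certificate #{cert['subject']} downloaded")
      end
      # Skip the write when the file is already on disk.
      not_if { ::File.exist?(pfx_file_path) }
    end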

Going the other way around shouldn’t be hard.

Hope this helps,

Sölvi Páll Á.


#13

Thank you Solvi.

I will check it and try to use it.

Regards,

Eduardo
