Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for EC384 in certdumper #820

Closed
cupcakearmy opened this issue Jan 10, 2019 · 5 comments · Fixed by #965
Closed

Support for EC384 in certdumper #820

cupcakearmy opened this issue Jan 10, 2019 · 5 comments · Fixed by #965
Labels
type/enhancement Enhances existing functionality

Comments

@cupcakearmy
Copy link

The mailu/certdumper cannot extract the key if it's not an RSA one.
I can't seem to find the code for the certdumper either. Is there a repo somewhere?

Attaching to mailu_certdumper_1
certdumper_1  | Thu Jan 10 02:32:18 UTC 2019 Dumping certificates
certdumper_1  | writing RSA key
certdumper_1  | Extracting cert bundle for mail.******
certdumper_1  | Extracting private key for mail.******
certdumper_1  | openssl x509 -inform PEM -in /tmp/work/certs/mail.******.crt > /tmp/work/pem/mail.******-public.pem
certdumper_1  | openssl rsa -in /tmp/work/private/letsencrypt.key -text > /tmp/work/pem/letsencrypt-private.pem
certdumper_1  | writing RSA key
certdumper_1  | openssl rsa -in /tmp/work/private/mail.******.key -text > /tmp/work/pem/mail.******-private.pem
certdumper_1  | 140247081323468:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:p_lib.c:287:
certdumper_1  | Thu Jan 10 02:32:18 UTC 2019 Copying certificates
certdumper_1  | '/tmp/work/pem/mail.******-private.pem' -> '/output/key.pem'
certdumper_1  | '/tmp/work/pem/mail.******-public.pem' -> '/output/cert.pem'
certdumper_1  | Setting up watches.
certdumper_1  | Watches established.
@HorayNarea
Copy link
Member

As can be seen in https://github.com/Mailu/Mailu/blob/master/optional/traefik-certdumper/Dockerfile#L5 the certdumper code is from traefik directly and handling of the dumped certs is done by https://github.com/Mailu/Mailu/blob/master/optional/traefik-certdumper/run.sh

@cupcakearmy
Copy link
Author

Thanks for the info!
So i guess its not an issue for this repo.
Maybe just add a comment/warning into the Docs to avoid confusion 🙂

@Nebukadneza
Copy link
Member

I’ll quickly link the issue, just for reference:
traefik/traefik#4381

@ldez
Copy link

ldez commented Feb 11, 2019

Hi, I created a more robust tool to dump Traefik certificates.: https://github.com/ldez/traefik-certs-dumper/releases

Note: I'm a Traefik core maintainer 😉

@muhlemmer muhlemmer added the type/enhancement Enhances existing functionality label Feb 12, 2019
@Nebukadneza
Copy link
Member

Hi @ldez ,

sorry for the extremely late replay — and thanks for your great project. That is orders of magnitude cleaner than what i did ^_^. I’ll rebuild our solution using yours. Thanks a bunch!

Nebukadneza added a commit to Nebukadneza/Mailu that referenced this issue Mar 10, 2019
@Nebukadneza
Use ldez/traefik-certs-dumper in certificate dumper, and make more ro…
1acd629 
…bust

closes Mailu#820
@Nebukadneza Nebukadneza mentioned this issue Mar 10, 2019
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/enhancement Enhances existing functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use ldez/traefik-certs-dumper in certificate dumper, and make more robust Nebukadneza/Mailu
5 participants
@HorayNarea @muhlemmer @ldez @Nebukadneza @cupcakearmy