Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cert: no CA file provided, won't write to disk #32

Closed
jordiclariana opened this issue Nov 9, 2017 · 3 comments
Closed

cert: no CA file provided, won't write to disk #32

jordiclariana opened this issue Nov 9, 2017 · 3 comments

Comments

@jordiclariana
Copy link
Contributor

After successfully configured cfssl serve I configured certmgr like this:

{
    "service": "nginx",
    "action": "restart",
    "request": {
        "CN": "www.example.net",
        "hosts": [
            "example.net",
            "www.example.net"
        ],
        "key": {
            "algo": "ecdsa",
            "size": 521
        },
        "names": [
            {
                "C": "US",
                "ST": "CA",
                "L": "San Francisco",
                "O": "Example, LLC"
            }
        ]
    },
    "private_key": {
        "path": "/etc/ssl/private/www.key",
        "mode": "0600"
    },
    "certificate": {
        "path": "/home/kyle/tmp/certmgr/certs/test1.pem"
    },
    "authority": {
        "remote": "localhost:8888",
        "auth_key": "0123456789ABCDEF0123456789ABCDEF",
        "profile": "server"
    }
}

All settings are correct, but when I try to exec this ./certmgr-linux-amd64-v1.4.2 check I get this message:

2017/11/09 15:28:21 [INFO] certmgr: loading from config file /etc/certmgr/certmgr.yaml
2017/11/09 15:28:21 [INFO] manager: loading certificates from/etc/certmgr.d
2017/11/09 15:28:21 [INFO] manager: loading spec from /etc/certmgr.d/test.json
2017/11/09 15:28:21 [INFO] cert: no CA file provided, won't write to disk
2017/11/09 15:28:21 [INFO] manager: watching 1 certificates
OK

After searching the code for cert: no CA file provided, won't write to disk I figured out that I have to include a "file": "<something>" in the authority section, but when I do I always get a format error:

Failed: json: cannot unmarshal string into Go struct field CA.file of type cert.File

This is not documented and I can't figure out what value should I set there. Is that really necessary?
@kisom
Copy link
Contributor

kisom commented Nov 9, 2017

You don't have to. It's an informational message, but it's poorly written (it won't write the CA file to disk, but it will write the certificate and key to disk). I'll release an update shortly.

@kisom
Copy link
Contributor

kisom commented Nov 9, 2017

Also, I have a PR underway with the README updated for this; it was an internal feature we were testing.

@kisom kisom closed this as completed Nov 9, 2017
@jordiclariana
Copy link
Contributor Author

Cool, thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kisom @jordiclariana