08-16-2018 03:41 PM
I'm testing some certificate automation code in my lab and I've run into an odd problem dealing with the grid member certificate upload feature.
The script I'm working on was able to successfully upload a custom certificate, and I verified it was being served properly from the admin GUI. Inevitably, I tried to run the script again after tweaking some things, but got the error, "The certificate already exists." Fine, that makes sense. So via the GUI I replaced the custom cert with a new self-signed one and verified the self-signed cert was being served properly.
So I try my upload script again with the custom cert and I'm still getting the error about the certificate already existing. The same error shows up if I try to upload from the GUI as well. So even though the member is not actually using the custom cert anymore, it seems like it still has a reference to it somewhere that needs to be deleted. Does anyone know how to fix this? I can't find anything in the docs about being able to manage or delete member certificates. Have I run into a bug?
08-19-2018 12:18 PM
The error that you are getting, "The certificate already exists", seems strange.
As I understand it, these are the steps that you are performing.
- Created a CSR from NIOS member.
- Signed the CSR and uploaded the signed certificate using API script.
- Tried running the upload script again but received error.
- Generated self-signed certificate and tried the certificate upload script again. But the script failed again.
I would expect an error here but the error would be "Could not find a CSR with a matching public key". This is because, when a certificate is uploaded, the CSR is deleted from the database. This is the same, even if a self-signed certificate is generated.
I am not sure how the automation workflow is set up in your environment, but it would need to include generating a new CSR, getting it signed and uploading it to the member.
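The reply above says an uploaded certificate is matched to the pending CSR by its public key. As an added example (not part of the original thread and not Infoblox code), this is a pre-upload check an automation script could run with the openssl CLI. The function names, file names and the self-signed sample material are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Pre-upload check: does the signed certificate carry the same public key as the CSR?

# Print the SHA-256 of the PEM public key in a CSR ($1=req) or a certificate ($1=x509).
pubkey_sha256() {
    local pem
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit status: 0 = keys match, 1 = keys differ, 2 = a file could not be parsed.
cert_matches_csr() {
    local csr_fp cert_fp
    csr_fp=$(pubkey_sha256 req "$1") || return 2
    cert_fp=$(pubkey_sha256 x509 "$2") || return 2
    [ "$csr_fp" = "$cert_fp" ]
}

# Constructed sample material: a.csr with a certificate issued from it (a.crt),
# and b.crt, a self-signed certificate on an unrelated key.
# On a real member the CSR comes from the appliance and a CA does the signing.
make_samples() {
    local d=$1 subj="/CN=member.example.test"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/a.key" \
        -out "$d/a.csr" -subj "$subj" 2>/dev/null &&
    openssl x509 -req -in "$d/a.csr" -signkey "$d/a.key" -days 1 \
        -out "$d/a.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/b.key" \
        -out "$d/b.crt" -days 1 -subj "$subj" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for crt in a.crt b.crt; do
    if cert_matches_csr "$demo_dir/a.csr" "$demo_dir/$crt"; then
        echo "$crt: public key matches a.csr"
    else
        echo "$crt: no match with a.csr; generate and sign a new CSR first"
    fi
done
rm -rf "$demo_dir"
```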
08-19-2018 01:26 PM