Unable to re-upload member certificate

Authority
Posts: 25

Hey all-

I'm testing some certificate automation code in my lab and I've run into an odd problem dealing with the grid member certificate upload feature.

The script I'm working on was able to successfully upload a custom certificate, and I verified it was being served properly from the admin GUI. Inevitably, I tried to run the script again after tweaking some things, but get the error, "The certificate already exists." Fine, that makes sense. So via the GUI I replaced the custom cert with a new self-signed one and verified the self-signed cert was being served properly.

So I try my upload script again with the custom cert and I'm still getting the error about the certificate already existing. The same error shows up if I try to upload from the GUI as well. So even though the member is not actually using the custom cert anymore, it seems like it still has a reference to it somewhere that needs to be deleted. Does anyone know how to fix this? I can't find anything in the docs about being able to manage or delete member certificates. Have I run into a bug?

Re: Unable to re-upload member certificate

Adviser
Posts: 70

Hi,

The error that you are getting - "The certificate already exists" seems strange.

As I understand it, these are the steps that you are performing.

  • Created a CSR from NIOS member.
  • Signed the CSR and uploaded the signed certificate using API script.
  • Tried running the upload script again but received error.
  • Generated self-signed certificate and tried the certificate upload script again. But the script failed again.

I would expect an error here but the error would be "Could not find a CSR with a matching public key". This is because, when a certificate is uploaded, the CSR is deleted from the database. This is the same, even if a self-signed certificate is generated.

I am not sure how the automation workflow is set up in your environment, but it would need to include generating a new CSR, getting it signed and uploading it to the member.

Regards,

Sandeep

Re: Unable to re-upload member certificate

Authority
Posts: 25

Apologies, I should have clarified that the custom cert generation happens completely outside the Infoblox, including the private key and CSR generation. So the cert being uploaded is both cert and private key as a PEM and is the same each time. I’ve since taken the script out of the equation and am just using the GUI for the uploads.