Issue with posting SSL Certificate

ChibbyTraxX

Hi all,

I've recently run into trouble using the DirectAdmin API to post SSL Certificates.
According to the API documentation I need only post the following:

domain='domain'
action='save'
type='paste'
certificate='-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
'

I have tested my Key/Certificate in DirectAdmin itself, and there it is accepted without issues. However, when trying to post with the API it keeps returning
'Cannot Execute Your Request. Unable to find certificate Unable to find key certificate=-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----'

As far as I can see I'm creating the same post data as DirectAdmin itself sends out, but it seems I'm doing something wrong.

Please note that I have implemented the API for many other calls and they work fine.

Can anyone help me find where I went wrong? Thanks in advance!

--Chibby
 
Issue also exists with CACert

It seems the same issue exists for cacert:

I post the following data (as per the documentation):
domain='domain.com'
action='save'
type='cacert'
active='yes'
cacert=-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

But this returns
'Cannot Execute Your Request. Unable to find CA certificate certificate=-----BEGIN CERTIFICATE-----[...SSL Certificate, _not_ CACert...]-----END CERTIFICATE-----'

For completeness:
DirectAdmin version is 1.46.2
In our config we have
enable_ssl_sni=1 (docs)

--Chibby
 
Hello,

Not tried myself, just a guess that it should be without breaks (\n):


domain='domain'
action='save'
type='paste'
certificate='-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[...]-----END RSA PRIVATE KEY-----'


certificate=cert and key. add n between them, and at the end.

or your variant in another order:

domain='domain'
action='save'
type='paste'
certificate='
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----

[...]
-----END RSA PRIVATE KEY-----
'
 
Hmm... It hasn't occurred to me to try them without newlines. I'll try that tomorrow, as well as the reverse order.

Thanks for the suggestions!

--Chibby
 
Removing newlines from the key/certificate does not help:
'Cannot Execute Your Request. Unable to find certificate Key is Invalid certificate=-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----'

I've also tried reversing the order to certificate/key while removing newlines, which apparently is a bad idea as this gives the following errors:
'Cannot Execute Your Request. unable to load certificate 139633965840200:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE Certificate is Invalid Unable to find key certificate=-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----'

Prefacing the contents with a newline is also no good:
'Cannot Execute Your Request. No text provided No text provided Unable to find certificate Unable to find key certificate=-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----'

Simply changing the order to certificate/key leaves me with the same message I started with:
'Cannot Execute Your Request. Unable to find certificate Unable to find key certificate=-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----'

In a last-ditch effort I've also tried to take the docs literally, sending this:
domain='domain'
action='save'
type='paste'
certificate='-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----n-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----n'
but you still end up with:
'Cannot Execute Your Request. Unable to find certificate Unable to find key certificate=-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----'

Regarding the CA Cert:
I've tried removing newlines, but that did not help there either:
'Cannot Execute Your Request. unable to load certificate 140465253443400:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE CA Certificate is Invalid certificate=-----BEGIN CERTIFICATE-----[...SSL Certificate, _not_ CACert...]-----END CERTIFICATE-----'

I've run out of ideas. Is there anyone that can confirm that this part of the API is working correctly?

--Chibby
 
Just tested, and it's working for me:


# cat test_ssl.php
PHP:
#!/usr/local/bin/php
<?php
include 'httpsocket.php';
$server_ip="127.0.0.1"; 
$server_login="username";
$server_pass="***secret***";
$server_host="127.0.0.1";
$server_ssl=true;
$server_port=2222;

$sock = new HTTPSocket;
if ($server_ssl){
    $sock->connect("ssl://".$server_host, $server_port);
}
else
{
    $sock->connect($server_host, $server_port);
}

$certificate=<<<EOL
-----BEGIN RSA PRIVATE KEY-----
[...skipped...]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[...skipped...]
-----END CERTIFICATE-----
EOL;

$sock->set_login($server_login,$server_pass);
$sock->method = "POST";
$sock->query('/CMD_API_SSL',
    array(
        'domain' => 'domain.com',
        'action' => 'save',
        'type' => 'paste',
        'certificate' => $certificate
    ));
$result = $sock->fetch_parsed_body();

print "\n";
var_dump($result['text'],$result['details']);
print "\n\n";


returns
Code:
string(26) "Certificate and Key Saved."
 
After mucking about some more I decided to try using the HTTPSocket class instead of cURL.
Without any modifications to the call except that it now uses the socket, the request was accepted without problems.

It seems I overlooked the fact that cURL has issues with sending content that spans multiple lines.

Thank you very much for the help!

I'll try to see if I can get it to work using cURL, and if I do I will post it here.

--Chibby
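
An added example, not part of the thread and not DirectAdmin's or the poster's code: the failing cURL call is never shown, so this assumes the POST body was assembled without URL-encoding and uses PHP's `parse_str()` as a stand-in for the server's form decoder. The PEM text, the domain and the helper names `naive_body` and `server_view` are constructed for illustration.

```php
<?php
// Added example. Constructed data: this "PEM" is placeholder text, not a real
// key or certificate, but it uses the base64 characters '+', '/' and '='.
$pem = "-----BEGIN RSA PRIVATE KEY-----\n"
     . "AAAA+BBBB/CCCC+DDDD==\n"
     . "-----END RSA PRIVATE KEY-----\n"
     . "-----BEGIN CERTIFICATE-----\n"
     . "EEEE+FFFF/GGGG+HHHH==\n"
     . "-----END CERTIFICATE-----\n";

$fields = [
    'domain'      => 'example.com',   // placeholder domain
    'action'      => 'save',
    'type'        => 'paste',
    'certificate' => $pem,
];

// Assumed failure mode: key=value pairs joined with no URL-encoding.
function naive_body(array $fields): string
{
    $pairs = [];
    foreach ($fields as $name => $value) {
        $pairs[] = $name . '=' . $value;
    }
    return implode('&', $pairs);
}

// Stand-in for the receiving side: decode an x-www-form-urlencoded body.
function server_view(string $body): array
{
    parse_str($body, $decoded);
    return $decoded;
}

$naive   = server_view(naive_body($fields));
// http_build_query() percent-encodes '+', '/', '=' and the line breaks.
$body    = http_build_query($fields);
$encoded = server_view($body);

// In the naive body every '+' is decoded as a space, so the base64 no longer
// matches what was sent; the encoded body round-trips byte for byte.
printf("naive body intact:   %s\n", var_export($naive['certificate'] === $pem, true));
printf("encoded body intact: %s\n", var_export($encoded['certificate'] === $pem, true));
printf("naive key line seen by server: %s\n", explode("\n", $naive['certificate'])[1]);

// With cURL, pass the encoded string: curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
```

Passing an array to `CURLOPT_POSTFIELDS` makes PHP send `multipart/form-data` instead, so the pre-encoded string is what matches the form fields used in the thread.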
 