Announcement

Collapse
No announcement yet.

WebMgrSetSslCert

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • WebMgrSetSslCert

    Can I get an example of using this function? So basically what would the following parameters be set to:

    pSslCert
    sslCertLen
    pSslKey
    sslKeyLen
    save
    restart.

    Thanks!

  • #2
    We do not have example code available right now. Perhaps another member of this forum could help out.

    Comment


    • #3
      Can you at least tell me the format that the char * arguments need to be in? I really need to be able to use this function.

      Comment


      • #4
        Check out the information in this post.

        Comment


        • #5
          I do not want to sound rude and maybe I am missing what you are trying to
          point me too but that other post is a thread that I started about the
          WebMgrGenerateCertificat not the WebMgrSetSslCert and the char *
          parameters seem very different between the two.

          Here is what I am trying to do and what I have tried:

          1. Using OpenSSL I have generated a 1024 bit Private Key and a Certificate using that private key.

          2. I have started the CLI of my Xport AR and I am using the Enable->SSL level.

          3. I type ssl which it then asks:

          Enter SSL Certificate or Private Key Followed by a blank line:

          -----BEGIN CERTIFICATE-----
          MIICATCCAWoCCQDDU037sHOnxzANBgkqhkiG9w0BAQUFADBFMQ swCQYDVQQGEwJV
          UzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZX JuZXQgV2lkZ2l0
          cyBQdHkgTHRkMB4XDTA5MDMxMjIxMTgwMloXDTEwMDMxMjIxMT gwMlowRTELMAkG
          A1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBA oTGEludGVybmV0
          IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQ AwgYkCgYEAy1J6
          8Tx/RAGq/Gp7jGYUuop4nj+5AK/rBRHyiWAOM9TV2EMxSVcSMNix4YwKVd+/mqMr
          k2w5sRw2QBF2f45c+oELhW32FBwHlmbjR4Ttv9qlfZqvUXfeUB VfRoJW517mhqVq
          NsKUcd0MIFig1lil3t5wyPmJZmpK2EOK55OSXkcCAwEAATANBg kqhkiG9w0BAQUF
          AAOBgQCGKJHUmzVj1NNYjhrQrNzGZJMWJyKACl76uC8toXrqmx OdqKlVqyov2M/L
          pU53bF2fwdf/XCJ/s7Pe9fhGcg4lUyEvhdOOetIIzv2zdTz2269qlm1lcXVu/80D
          D7viDbMQs4Q9LUAwak/3WppnMz00phv1RyykfsqLAOl0AIJNsQ==
          -----END CERTIFICATE-----

          Then it asks:

          Enter Private Key followed by a blank line:

          -----BEGIN RSA PRIVATE KEY-----
          MIICXQIBAAKBgQDLUnrxPH9EAar8anuMZhS6inieP7kAr+sFEf KJYA4z1NXYQzFJ
          VxIw2LHhjApV37+aoyuTbDmxHDZAEXZ/jlz6gQuFbfYUHAeWZuNHhO2/2qV9mq9R
          d95QFV9GglbnXuaGpWo2wpRx3QwgWKDWWKXe3nDI+YlmakrYQ4 rnk5JeRwIDAQAB
          AoGBAJPerZkqpWghSmh/TNFkIGk2cditgW/1gRhT4C92031wqgG5hGvRTmKGBoCB
          p7ainqfpSbTS/fZIDVB1IthMAmPEc2w65cy72n4LeDDtm71xE/diUrNsdd6DhBHq
          OEyBs2lrTrgSFUGP5Nv0OFXN5NpJyFBgKFe8ZUYmBPH0ML5RAk EA9xtZAIG5hEEV
          w0mlRXGFFxN0zz6jT5aTiQY5zq3NqzTNQeMtxPHUZjlOcQdT95 mJbScVfFEI4aFv
          +bQH6RhEaQJBANKjvA2JzAwZqFNuQU6fZhv3AemvHVppdiBdgr k5SvnTCkR3S8Je
          j35GuPStNGwsZz0fACBCesfTPVAqer+pdy8CQFC/tw3bVmxJeHsgjclrlzo7OWif
          524SnpOgXTOUyCiyUIC/ZC1/eREOmPuGkYHPwoDQzMybDnPs9VJ76jnZnEECQEtc
          +bN+Udsicu8my4bt0QLAZZbOaJookXMTAepzbTflIg9M/3YTjxOHCjXAorjxSh68
          MLdaEcPc+FruV+yrHVECQQDrB031Xo1ZPYqWy1jKy91/vsLNzqmZyrKnpkJStsHB
          /Re7MYL+5Rrk84y18FujfKKnzNTR0JbWL5JTF9VJAKpT
          -----END RSA PRIVATE KEY-----

          4. Once I have done both of these things I type show ssl and I see this:

          (ssl)#show ssl
          SSL Certificate stored in system:
          Version : 1 (0x00)
          Serial Number : 00 c3 53 4d fb b0 73 a7 c7
          Signature Algorithm : sha1WithRSAEncryption
          Issuer:
          C : US
          ST : Some-State
          L :
          O : Internet Widgits Pty Ltd
          OU :
          CN :
          Validity:
          Issued On : Mar 12 21:18:02 2009 GMT
          Expires On : Mar 12 21:18:02 2010 GMT
          Subject:
          C : US
          ST : Some-State
          L :
          O : Internet Widgits Pty Ltd
          OU :
          CN :
          Subject Public Key : 1024-bit
          : cb 52 7a f1 3c 7f 44 01 aa fc 6a 7b 8c 66 14 ba
          : 8a 78 9e 3f b9 00 af eb 05 11 f2 89 60 0e 33 d4
          : d5 d8 43 31 49 57 12 30 d8 b1 e1 8c 0a 55 df bf
          : 9a a3 2b 93 6c 39 b1 1c 36 40 11 76 7f 8e 5c fa
          : 81 0b 85 6d f6 14 1c 07 96 66 e3 47 84 ed bf da
          : a5 7d 9a af 51 77 de 50 15 5f 46 82 56 e7 5e e6
          : 86 a5 6a 36 c2 94 71 dd 0c 20 58 a0 d6 58 a5 de
          : de 70 c8 f9 89 66 6a 4a d8 43 8a e7 93 92 5e 47
          (ssl)#

          This tells me that I have successfully generated a certificate. The problem is
          that I want to do this programatically using the WebMgrSetSslCert
          function. So how do I define a char * such that it will work for me, do I
          need to do the following:

          static char * certificate = "-----BEGIN CERTIFICATE-----
          MIICATCCAWoCCQDDU037sHOnxzANBgkqhkiG9w0BAQUFADBFMQ swCQYDVQQGEwJV
          UzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZX JuZXQgV2lkZ2l0
          cyBQdHkgTHRkMB4XDTA5MDMxMjIxMTgwMloXDTEwMDMxMjIxMT gwMlowRTELMAkG
          A1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBA oTGEludGVybmV0
          IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQ AwgYkCgYEAy1J6
          8Tx/RAGq/Gp7jGYUuop4nj+5AK/rBRHyiWAOM9TV2EMxSVcSMNix4YwKVd+/mqMr
          k2w5sRw2QBF2f45c+oELhW32FBwHlmbjR4Ttv9qlfZqvUXfeUB VfRoJW517mhqVq
          NsKUcd0MIFig1lil3t5wyPmJZmpK2EOK55OSXkcCAwEAATANBg kqhkiG9w0BAQUF
          AAOBgQCGKJHUmzVj1NNYjhrQrNzGZJMWJyKACl76uC8toXrqmx OdqKlVqyov2M/L
          pU53bF2fwdf/XCJ/s7Pe9fhGcg4lUyEvhdOOetIIzv2zdTz2269qlm1lcXVu/80D
          D7viDbMQs4Q9LUAwak/3WppnMz00phv1RyykfsqLAOl0AIJNsQ==
          -----END CERTIFICATE-----";

          static char * key = "-----BEGIN RSA PRIVATE KEY-----
          MIICXQIBAAKBgQDLUnrxPH9EAar8anuMZhS6inieP7kAr+sFEf KJYA4z1NXYQzFJ
          VxIw2LHhjApV37+aoyuTbDmxHDZAEXZ/jlz6gQuFbfYUHAeWZuNHhO2/2qV9mq9R
          d95QFV9GglbnXuaGpWo2wpRx3QwgWKDWWKXe3nDI+YlmakrYQ4 rnk5JeRwIDAQAB
          AoGBAJPerZkqpWghSmh/TNFkIGk2cditgW/1gRhT4C92031wqgG5hGvRTmKGBoCB
          p7ainqfpSbTS/fZIDVB1IthMAmPEc2w65cy72n4LeDDtm71xE/diUrNsdd6DhBHq
          OEyBs2lrTrgSFUGP5Nv0OFXN5NpJyFBgKFe8ZUYmBPH0ML5RAk EA9xtZAIG5hEEV
          w0mlRXGFFxN0zz6jT5aTiQY5zq3NqzTNQeMtxPHUZjlOcQdT95 mJbScVfFEI4aFv
          +bQH6RhEaQJBANKjvA2JzAwZqFNuQU6fZhv3AemvHVppdiBdgr k5SvnTCkR3S8Je
          j35GuPStNGwsZz0fACBCesfTPVAqer+pdy8CQFC/tw3bVmxJeHsgjclrlzo7OWif
          524SnpOgXTOUyCiyUIC/ZC1/eREOmPuGkYHPwoDQzMybDnPs9VJ76jnZnEECQEtc
          +bN+Udsicu8my4bt0QLAZZbOaJookXMTAepzbTflIg9M/3YTjxOHCjXAorjxSh68
          MLdaEcPc+FruV+yrHVECQQDrB031Xo1ZPYqWy1jKy91/vsLNzqmZyrKnpkJStsHB
          /Re7MYL+5Rrk84y18FujfKKnzNTR0JbWL5JTF9VJAKpT
          -----END RSA PRIVATE KEY-----";

          then call the function:

          WebMgrSetSslCert( certificate, strlen(certificate), key, strlen(key), TRUE, TRUE);

          I have tried this approach and I get a return of -2 and no certificate has been
          generated. So my question is simply if my certificate and key strings are
          wrong in any way how do I change them so that they will work. Thanks.

          Comment


          • #6
            Need to get this working

            I do not want to seem impatient but I really need a response to my question. Our client needs this functionality very soon and until I hear back I am unable to implement it in the fashion that they want. Thank you.

            Comment


            • #7
              Looking at the XML import code, it looks like WebMgrSetSslCert() is expecting each line in the cert to end with \r\n. Are you maintaining the line endings?

              Comment


              • #8
                The -2 indicates an invalid cert.
                Specifically:
                • the cert, key, or their lengths are null or zero.

                • decoding the cert or key failed.

                Comment


                • #9
                  I am pretty sure I have tried maintaining line endings but I will try again.

                  Comment

                  Working...
                  X