[charms] Incorrect Padding for SSL Cert/Key

Pete Vander Giessen pete.vandergiessen at canonical.com
Fri Feb 16 16:34:21 UTC 2018


Hi All,

I came across this thread when troubleshooting a similar problem, and
wanted to drop in the solution we came up with for posterity:

1) If you're dealing with an API, and the API comes back with an "incorrect
padding" error while parsing an SSL Cert, it usually means that the
formatting got munged somewhere. With most of the openstack charms, when
specifying an ssl cert in a bundle, you actually need to embed a yaml
escaped string inside of your yaml escaped string. I looks something like
this:

ssl_cert: |
    |
    your properly formatted ssl cert goes here.

Note that there are two pipes indicating the beginning of a yaml string in
the above config setup. You need them both! (Double escaping a big text
blob containing special characters is a really common pattern in a lot of
APIs -- you generally want to be aware of it, and watch out for it.)

2) For haproxy, you need to specify a service that listens on port 443 in
the "services" config key. By default, haproxy will only setup a service
listening on port 80. As Adam Collard mentioned, there are some great
examples in the haproxy tests: `tests/12_deploy_{trusty,xenial}.py`

~ PeteVG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20180216/b0d62c0f/attachment.html>


More information about the Juju mailing list