Automated SSL/TLS Cert in CVP
Although CloudVision runs on CentOS 7 and uses nginx as a front end for its services, you can’t just use letsencrypt to issue a cert, as it seems like CV will overwrite it each time. I searched a bit and found a reference to using the CV API to import and apply the cert.
After some trial and error I was able to write three simple curl commands that import and apply the cert issued by LE (I’m using acme.sh and had already issued the cert).
Using cURL
First we log in to CVP and get a session cookie, which we store in the file `cookie`:
```bash
# -k skips TLS certificate verification; the session cookie is saved to ./cookie
curl -kX POST \
  --cookie cookie --cookie-jar cookie \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  -d '{
    "userId": "user",
    "password": "secret"
  }' \
  'https://cvp/cvpservice/login/authenticate.do'
```
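Next, we read the cer and key files which we created with acme.sh, remove the BEGIN and END headers, join the lines, and import the result:
```bash
#!/bin/bash
set -e
# Keep only the base64 lines (those not starting with "-") and join them
publicCert=$(awk '/^[^-]/ {printf "%s", $1}' /etc/acme.sh/cvp/cvp.cer)
privateKey=$(awk '/^[^-]/ {printf "%s", $1}' /etc/acme.sh/cvp/cvp.key)
# Import the cert and key, reusing the session cookie from the login step.
# Note: -d puts the private key on curl's command line, where other local
# users can read it with ps while the command runs.
curl -kX POST --cookie cookie --cookie-jar cookie \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  -d "{
    \"publicCert\": \"${publicCert}\",
    \"privateKey\": \"${privateKey}\",
    \"certType\": \"cvpCert\",
    \"passPhrase\": \"\"
  }" \
  'https://cvp/cvpservice/ssl/importCertAndPrivateKey.do'
```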
Finally, we install the cert via the API:
```bash
# Activate the imported certificate, again using the stored session cookie
curl -kX POST \
  --cookie cookie --cookie-jar cookie \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  'https://cvp/cvpservice/ssl/installCertificate.do'
```
Now all you need to do is put all of the above into a script and call it from the acme.sh renew hook.
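One way to combine the three calls into a renew hook, as an added example that is not part of the original post: it sends every JSON body on stdin so the password and private key stay out of the process list, keeps the session cookie in a private temp file, and refuses to upload an empty cert or key. The variables `CVP_URL`, `CVP_USER`, `CVP_PASS_FILE` and `CVP_INSECURE` and all function names are assumptions.

```shell
#!/bin/bash
# Added example: acme.sh renew hook for CVP (POSIX sh compatible).
# CVP_URL, CVP_USER, CVP_PASS_FILE, CVP_INSECURE and all function names are assumptions.
set -eu

CERT=${CERT:-/etc/acme.sh/cvp/cvp.cer}
KEY=${KEY:-/etc/acme.sh/cvp/cvp.key}
CVP_URL=${CVP_URL:-https://cvp/cvpservice}

# Base64 body of the first PEM block: skip the BEGIN line, stop at END, drop CRs.
pem_body() {
  awk '/^-----END/ { exit } /^[^-]/ { sub(/\r$/, ""); printf "%s", $0 }' "$1"
}

# Escape backslashes and double quotes so a password cannot break the JSON.
json_str() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Body for importCertAndPrivateKey.do; refuses to build one from an empty file.
import_payload() {
  cert=$(pem_body "$1") && key=$(pem_body "$2") || return 1
  [ -n "$cert" ] && [ -n "$key" ] || return 1
  printf '{"publicCert":"%s","privateKey":"%s","certType":"cvpCert","passPhrase":""}' \
    "$cert" "$key"
}

# POST to the API path in $1; the JSON body comes from stdin (--data @-), so
# neither the password nor the key shows up in the process list.
cvp_post() {
  curl -sS --fail ${CVP_INSECURE:+-k} -X POST \
    --cookie "$JAR" --cookie-jar "$JAR" \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    --data @- "$CVP_URL/$1"
}

deploy() {
  umask 077                                   # cookie jar readable by us only
  JAR=$(mktemp); trap 'rm -f "$JAR"' EXIT     # session cookie removed on exit
  payload=$(import_payload "$CERT" "$KEY")    # fail before logging in
  pass=$(json_str "$(cat "$CVP_PASS_FILE")")
  printf '{"userId":"%s","password":"%s"}' "$(json_str "$CVP_USER")" "$pass" |
    cvp_post login/authenticate.do >/dev/null
  printf '%s' "$payload" | cvp_post ssl/importCertAndPrivateKey.do
  cvp_post ssl/installCertificate.do </dev/null
}

# Run only when called as "<script> deploy", e.g. from acme.sh --renew-hook.
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Set `CVP_INSECURE=1` only while CVP still serves an untrusted cert. `curl --fail` catches HTTP-level errors only, so check the API responses the hook prints to the acme.sh log.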
Using Ansible
Translating the above into an ansible playbook,