Automated SSL/TLS Cert in CVP
Although CloudVision runs on CentOS 7 and uses nginx as a front end for the services, you can’t just use letsencrypt to issue a cert, as it seems like CV will overwrite it each time. I searched a bit and found a reference to using the CV API to import and apply the cert.
After some trial and error I was able to write a simple set of 3 curl commands which allow you to import & apply the cert issued by LE (I’m using acme.sh and I already issued the cert).
Using cURL
First we log in to CVP and get a session cookie, which we store in the file `cookie`
```bash
# -k disables certificate verification for this request
curl -kX POST \
  --cookie cookie --cookie-jar cookie \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  -d '{ "userId": "user", "password": "secret" }' \
  'https://cvp/cvpservice/login/authenticate.do'
```
Next, we read the cer & key files which we created with acme.sh, removing the BEGIN & END headers and joining the lines,
```bash
#!/bin/bash
set -e

# Keep only the base64 lines (skip the -----BEGIN/END----- headers) and join them
publicCert=$(awk '/^[^-]/ {printf "%s", $1}' /etc/acme.sh/cvp/cvp.cer)
privateKey=$(awk '/^[^-]/ {printf "%s", $1}' /etc/acme.sh/cvp/cvp.key)

# Upload the cert and key using the session cookie from the login step
curl -kX POST --cookie cookie --cookie-jar cookie \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  -d "{ \"publicCert\": \"${publicCert}\", \"privateKey\": \"${privateKey}\", \"certType\": \"cvpCert\", \"passPhrase\": \"\" }" \
  'https://cvp/cvpservice/ssl/importCertAndPrivateKey.do'
```
and finally we install the cert (via the API),
```bash
curl -kX POST \
  --cookie cookie --cookie-jar cookie \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  'https://cvp/cvpservice/ssl/installCertificate.do'
```
Now all you need to do is pull all of the above into a script and put it in the (acme.sh) renew hook.
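One way to assemble the three calls into a single renew hook, as an added example rather than the author's own script. The environment variables `CVP_HOST`, `CVP_USER`, `CVP_PASS`, `CERT` and `KEY` and the function names are assumptions. It sends request bodies on stdin so the password and private key stay out of the process list, keeps the session cookie in a private temp file, and takes only the first PEM block in case the cert file is a full chain.

```shell
#!/bin/bash
# Added example, not the post's script. Assumed environment variables:
# CVP_HOST, CVP_USER, CVP_PASS, CERT, KEY. Assumes the credentials contain
# no '"' or '\' (they are not JSON-escaped).

# Base64 body of the FIRST PEM block only, joined onto one line. A file such
# as acme.sh's fullchain.cer holds several blocks; joining them all would
# run separate certificates together into one string.
pem_body() {
  awk '/^-----BEGIN /{ seen = 1; next }
       /^-----END /  { exit }
       seen          { gsub(/[ \t\r]/, ""); printf "%s", $0 }' "$1"
}

# JSON body for importCertAndPrivateKey.do, same fields as the post.
import_payload() {
  printf '{"publicCert":"%s","privateKey":"%s","certType":"cvpCert","passPhrase":""}' \
    "$(pem_body "$1")" "$(pem_body "$2")"
}

# cvp_post <path>: JSON body comes from stdin, so the password and private
# key never appear as curl arguments in the process list. -f fails on HTTP
# error status; -k is kept from the post (no certificate verification).
cvp_post() {
  curl -fsS -k -X POST --cookie "$JAR" --cookie-jar "$JAR" \
    -H 'Content-Type: application/json' -H 'Accept: application/json' \
    --data-binary @- "https://${CVP_HOST}${1}"
}

renew_hook() {
  umask 077                       # the cookie jar holds a live session
  JAR=$(mktemp) || return 1
  trap 'rm -f "$JAR"' EXIT
  printf '{"userId":"%s","password":"%s"}' "$CVP_USER" "$CVP_PASS" |
    cvp_post /cvpservice/login/authenticate.do >/dev/null &&
  import_payload "$CERT" "$KEY" |
    cvp_post /cvpservice/ssl/importCertAndPrivateKey.do &&
  cvp_post /cvpservice/ssl/installCertificate.do </dev/null
}

# Only talk to CVP when the hook environment is configured.
if [ -n "${CVP_HOST:-}" ]; then renew_hook; fi
```

Once CVP is serving the Let's Encrypt certificate, `-k` can be dropped from `cvp_post` so the renewal login verifies the server before sending the password.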
Using Ansible
Translating the above into an ansible playbook,