Extract server certificate from lxd-cloud/host

erik_lonroth · October 10, 2022, 6:07pm

Is there a means to get the server certificate from a lxd remote such that I can use that with “juju add-credentials --file ./credfile.yaml” ?

Tje juju credential file looks like this:

credentials:
  labb3:
    erik-frozen:
      auth-type: certificate
      client-cert: |
        -----BEGIN CERTIFICATE-----
        XXXXXXXXXXXXXXXXXX
        -----END CERTIFICATE-----
      client-key: |
        -----BEGIN EC PRIVATE KEY-----
        XXXXXXXXXXXXXXXXXXX
        -----END EC PRIVATE KEY-----
      server-cert: |
        -----BEGIN CERTIFICATE-----
        XXXXXXXXXXXXXXXXXXX
        -----END CERTIFICATE-----

So, I’m looking for a means to get the server-cert without having to login to the remote and get it.

turtle0x1 · October 10, 2022, 8:25pm

Does lxc query /1.0 give you want under environment → certificate? Looks like you need a trusted client to get certificate from that endpoint

erik_lonroth · October 11, 2022, 5:26am

How would I run this on a remote which is not yet added to the client?

Thanx

sdeziel · October 11, 2022, 1:29pm

This should work:

echo | openssl s_client -connect xeon:8443 2>/dev/null | openssl x509

# or

echo | openssl s_client -connect xeon:8443 2>/dev/null | sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/ p'