Automating Rackspace SSL Load Balancer Certificate Mappings

This one doesn’t really come up that often at work, but it was some harmless fun I had this morning, when I thought, ‘is it possible to take some cert and key files, build JSON around them with echo >>, sed the privateKey and publicCertificate into their rightful places in an lb.json file, and then curl a request against the Rackspace Load Balancer API?’

So what’s the point/joy of doing this? Well, it allows you to add certificate mappings with relative ease. Just plop your .cert and your .key file in the certificates folder, and the script can do all the rest. Of course you need to provide your username and APIKEY, but you always need to do that when making requests to the API. It’s also worth noting the TOKEN is generated automatically.

Next I will write a script that generates self-signed certificates and then injects them in, so literally no user action is required. Obviously this isn’t going to be that useful, but if I connected it to an API-like certificate-making service that was an authorised SSL reseller, it would be a pretty tight product; I would go so far as to say awesome.

Here is how I achieved it:

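#!/bin/bash

# lb.json and the *.short files contain the private key; keep them owner-only.
umask 077

USERNAME='mycloudusernamehere'
APIKEY='apikeyhere'

# Request an auth token from the identity service and pull the token id out of the response.
TOKEN=$(curl -s https://identity.api.rackspacecloud.com/v2.0/tokens -X POST -d '{ "auth":{"RAX-KSKEY:apiKeyCredentials": { "username":"'"$USERNAME"'", "apiKey": "'"$APIKEY"'" }} }' -H "Content-type: application/json" | python -mjson.tool | grep -A5 token | grep id | cut -d '"' -f4)

# Start the request body; the "certificate" string is left open for the next step.
# echo appends a newline, so lb.json has a line break right after the opening quote.
echo '
{
  "certificateMapping": {
     "hostName": "my.com",
     "certificate": "' > lb.json

# Collapse each PEM file onto one line, turning real newlines into the two characters \n (GNU sed).
sed ':a;N;$!ba;s/\n/\\n/g' certificates/private.key > certificates/private.short
sed ':a;N;$!ba;s/\n/\\n/g' certificates/public.cert > certificates/public.short

# Append the certificate, then the key, closing each JSON string in turn.
cat certificates/public.short >> lb.json
echo '", "privateKey": "' >> lb.json
cat certificates/private.short >> lb.json
echo '" } }' >> lb.json

# POST the mapping. curl's -d @file strips newlines from the file before sending.
curl -v -H "X-Auth-Token: $TOKEN" -d @lb.json -X POST -H "content-type: application/json" https://lon.loadbalancers.api.rackspacecloud.com/v1.0/10011111/loadbalancers/157089/ssltermination/certificatemappings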

My colleague referred to this as a ‘sneaky way’ to parse JSON. He is indeed correct, I am quite sneaky, but if it’s simple and it works, then booyah. This is what the lb.json file looks like after it’s created by the above shell script.

{
  "certificateMapping": {
     "hostName": "my.com",
     "certificate": "
-----BEGIN CERTIFICATE-----\nMIIC/TCCAeWgAwIBAgIJAP5bHAHitdeoMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV\nBAMMCnd3dy5teS5jb20wHhcNMTUxMjAyMDkzNjEzWhcNMjUxMTI5MDkzNjEzWjAV\nMRMwEQYDVQQDDAp3d3cubXkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAxcSqtsqQUrFEY327avnR7uxxO6svkvPzzv7ANUhZ142OYZ4727sgDJeA\nbKllpxrCqZfnVDfd+YcloLukcHoEKYC0/6R/nygZbaXwA0WGLhNX+L43MEsldtGx\ntk3eO0Gs3B1t9na9NEjTO0YMxXsgnXrTZFUB2bD/UL8TkdtoWdlVgPwtIPeVyGZF\nhj3dBzO6SPvfixTrZLz8EAZ95I1bOHR+0UnXHZ6z7Bh+fKD4NQbXTSEFH/0HoAXV\nfHm5BxwsheFrQm3/0fisraArPFhDVfOrkCcVta8MniJn6SMtk8Us66ACIdl7uydM\nHqLqs29TQOGyB9nIxTL1h4T7+tbHiwIDAQABo1AwTjAdBgNVHQ4EFgQUOpK+W3FR\nUcttjZtmCEYwlXUon3AwHwYDVR0jBBgwFoAUOpK+W3FRUcttjZtmCEYwlXUon3Aw\nDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAL8Oo1nrykXCr2hYBg6on\nXLi5Tehsp6495U8xZygUL0fK08TUovjnVjln3qEsarotREZaTtmAjVrNZwYJrrn7\nHoxoOiccHw0FL3UfPR4q2oS+Z94Q+ZG9kXptO84nPV6WAx96lOXfPCVast9CsaVs\nkZRyZBQtYO+Mh53zxhouqNG69/OvSdDz4tCGi6MTZWmZGhnGx7SaTMITfOeK7IU8\nN4sMZwmHHsubKVZvcB0xN8Q+1Zwv7SPUuOi+OSd7v7llxlJ4bu2UQ55cLWb697dZ\nNCAChW2xsi157XUfPGnayfO/DbEQFdRULkKStY8o2jiu7GaovWtPVHY0kxjQKfY4\nQg==\n-----END CERTIFICATE-----\n
", "privateKey": "
-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAxcSqtsqQUrFEY327avnR7uxxO6svkvPzzv7ANUhZ142OYZ47\n27sgDJeAbKllpxrCqZfnVDfd+YcloLukcHoEKYC0/6R/nygZbaXwA0WGLhNX+L43\nMEsldtGxtk3eO0Gs3B1t9na9NEjTO0YMxXsgnXrTZFUB2bD/UL8TkdtoWdlVgPwt\nIPeVyGZFhj3dBzO6SPvfixTrZLz8EAZ95I1bOHR+0UnXHZ6z7Bh+fKD4NQbXTSEF\nH/0HoAXVfHm5BxwsheFrQm3/0fisraArPFhDVfOrkCcVta8MniJn6SMtk8Us66AC\nIdl7uydMHqLqs29TQOGyB9nIxTL1h4T7+tbHiwIDAQABAoIBAQCj+HBWR9KrTSBX\noQqAIoslnlIv17oFDFDMAbnZM5iRuGMhmrEkeJyU9BPdhAGtL+nP9Qsub3eSiLPw\n9ULcor3Kr1TiVEAf9H5Iw/kgrUcX8p/Qs91MJDH2ttuyPBOSa9xnT9s5Kq+qpurD\nzUuPfIvJJeoY2MZE+JRnHVWbbB+zxZ9dCzXGFsx5u4Yq1dI85vxB+5pzvPDJtQwy\nsIGszREHm6m1qeCXB3Hh3gU5un8fLh4kMfKAGcJEgS9AHXsKDgPSHOsCO3LnHGTW\nVyMtDpMEqq3rs/C2p533IDJylq+eoelnMnl8s2ieyxNjRCZLClQjpZdFgdULyPEK\nhWPOZgXBAoGBAP35DDvmWunIjEZxIlKnLn+vtz6kX+99HWpNouM3XegGp7rF8/7t\nlbwmYr8G290CjZNEjtvKW5vIPTkE8ZK8hZsmdbWkf92GUo1/cbIrZcfqBkC38rck\n5bWqXtyzzguRVMFj2UhqfYto4w6/bsA/8phnI5G0i8Op/VqE9rN5wpthAoGBAMdY\nxim7Clb54d1lCkq+uz3FA3WQkCEiq9ou6okEV3RqkqxqVjJW7Bjh0q4GSW8u2Xvh\nVaGx4Jk8Q9LCTB3x70TRTfAbg3RZqetclDPRan0tg1WHVcjzEqeS5xVa7uCBnBut\naTiT37MBzZRAh8oZQLOuFX+Y/pC5UTgv/p+glZZrAoGAOz23m9VMyZGNHvVO00bJ\n8uDS9pqzAhMGJIC9iRCmJ/Q9dbStCH702XF+wR5hdLkeuwZX6G7YVYsstLsxek/d\nPmaHOHqJlOu7H+RlafDzieFN2hTOWegSaQC3pfWPD2W0BnQ6/8hPRpCNvifrNo70\nEJamVltt6pMhVNcFELJLMaECgYBphjC//mbmy7gofkgIcRalCBlgrnndUIEwKg21\nIjs5QQELi+69Dw5Dzaa8wE83L9GopguyYHrIIwK0Gm44m81Q3IspQyc+/Afas1Mw\nava39NPE/rMGgMWrNzRkNZKl/XYpoI5GiOCt3ZJ5m/9FmECL3Oc8eDypV7AK0j0z\nOsp0qQKBgEhaQnwVN8+el/GEW/+weESP1GHWdvtDedeE19DOXnTNpR+V/wOpcpC7\n4oOlWARVCj4gGE+ugBSeX4slQmzu1L6p0npQ8jEIfbxR1znn+RK4EWKQKsoyfb1u\nw4ewR/Bwubv6iL7ct0FLFSjJXeNMc1+VmVpBTICpV0PrKbCP9uTw\n-----END RSA PRIVATE KEY-----
" } }
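
The lb.json shown above has a literal line break after each opening quote, so the file on its own is not strict JSON; the request goes through because curl's -d @file strips newlines before sending. As an added example, not part of the original post, this Python code builds the same certificateMapping body with a JSON encoder, checks that each input holds the expected PEM block, and writes the result with mode 0600. The function names and the sample PEM strings are constructed for illustration.

```python
import json
import os
import re
import tempfile

# Matches exactly one PEM block and captures its label (e.g. CERTIFICATE).
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+-----END \1-----\s*\Z"
)

def pem_label(pem_text):
    """Return the PEM label, or raise ValueError if this is not one PEM block."""
    m = PEM_RE.match(pem_text.strip())
    if not m:
        raise ValueError("not a single well-formed PEM block")
    return m.group(1)

def build_mapping(host_name, cert_pem, key_pem):
    """Build the certificateMapping request body as strict JSON text."""
    if pem_label(cert_pem) != "CERTIFICATE":
        raise ValueError("certificate input does not hold a CERTIFICATE block")
    if not pem_label(key_pem).endswith("PRIVATE KEY"):
        raise ValueError("key input does not hold a PRIVATE KEY block")
    body = {"certificateMapping": {
        "hostName": host_name,
        "certificate": cert_pem.strip() + "\n",
        "privateKey": key_pem.strip() + "\n",
    }}
    # json.dumps escapes every newline as \n; no sed pass is needed.
    return json.dumps(body, indent=2)

def write_private(path, text):
    """Create path with mode 0600, since the body contains the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

# Constructed placeholder PEM bodies (not real key material).
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nUExBQ0VIT0xERVI=\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "lb.json")
    write_private(out, build_mapping("my.com", SAMPLE_CERT, SAMPLE_KEY))
    print(out, oct(os.stat(out).st_mode & 0o777))
```

The resulting file can be posted with the same curl command as in the script, and it also parses cleanly in any tool that reads lb.json directly.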