Barbican certificate import issue

Find attached screenshot

Any update?

Hi,

I cannot determine the cause of this problem, because the image you provided cannot see the complete characters.

The images of correctly formatted characters can be referenced in the attachment.

If you have any other questions, welcome your feedback.

Thank you.

Give me few minutes and I will upload new screenshot. Still I am uploading my cert and key file here so its not something copy paste issue.

Why skyline saying or throwing error that its invalidate?

The certificate requires RSA encryption.

Skyline verifies '-----BEGIN RSA PRIVATE KEY-----' and '-----END RSA PRIVATE KEY-----'.

Oh wait, so "RSA" keyword has to be there?

Damn when I generate certificate on my compute it just generated crt and key file without RSA keyword. So I was just uploading that as it as.

Why do we have hard requirement to have "RSA" keyword in key?

Barbican in Skyline is only used to store certificates for Octavia.

For safety and effectiveness, we strictly restrict certificates to RSA format.

In the future, Skyline will consider relaxing the restrictions to support more certificate formats.

Shouldn’t be put warning or error related RSA instead just saying invalid? I burn my brain behind this and found it required RSA. What if I just change keyword to RSA and keep cipher different? How does it validate that it’s true RSA?

This issue was fixed in the openstack/skyline-console 3.0.0.0rc2 release candidate.

Just curious that what is the fix here? I didn’t see patch anywhere.

Here is the patch: https://review.opendev.org/c/openstack/skyline-console/+/896615

This issue was fixed in the openstack/skyline-console 4.0.0.0rc1 release candidate.