Creating a PEM file containing both cert and private key?

[jayhendren]

Is there a way to use the ssl_certificate cookbook to create a PEM file containing the signed certificate, intermediate certs (if any), and private key, in that order? I'm trying to write a cookbook to configure some HAProxy instances, and HAProxy needs the certs and key to live in a PEM file together. We already use ssl_certificate to manage SSL certs for other applications and generate self-signed certs in TestKitchen, so I was hoping to use it for HAProxy too.

[zuazo]

No, currently. Although I do not think that it will be difficult to add it to the cookbook.

But I have some doubts about how we can implement the interface. How do you expect it to work? I mean, adding a property to the resource and generating only the pem file, generating both the cert&key and pem, ...?

Of course, please, send me a PR if you try to implement it.

[jayhendren]

I'm not sure of how it should be implemented, but here are a couple thoughts:

• new resource(s) that takes existing certs/keys as input properties and converts them (e.g. pkcs12 to pem or vice-versa) and/or adds them to new or existing .pem or .p12 container files
• more properties on the existing resource for controlling whether the cert/key are output as one .pem file containing all certs/keys or output as one file per cert/key

[hrak]

The certificate cookbook has the boolean properties combined_file and nginx_cert to achieve this.