How to setup certs value in Credhub when Certificate lengths larger than 7000 characters

search cancel

How to setup certs value in Credhub when Certificate lengths larger than 7000 characters

book

Article ID: 297224

calendar_today

Updated On:

Products

Concourse for VMware Tanzu

Issue/Introduction

Customer setup Concourse pipeline for Upgrade OpsManager. When they set certs in key file for Bosh -> Security -> Trusted Certificates, it reports the error below:

The provided certificate value is too long. Certificate lengths must be less than 7000 characters.

This is a known issue for credhub as "7000 characters" is fixed to match the DB limit.

Environment

Product Version: 5.2

Resolution

The workaround for this is split the one cert (over 7000) into two files file1 and file2.
Using two separate certificate files, store them in Credhub by:

credhub set -t certificate -n /test/ops-manager/bosh_root_cert1 -c bosh-root_cert1.cer
credhub set -t certificate -n /test/ops-manager/bosh_root_cert2 -c bosh-root_cert2.cer

Then in the credhub-interpolate-config step in Concourse pipeline, config file like below:

security_configuration:
generate_vm_passwords: true
opsmanager_root_ca_trusted_certs: true
trusted_certificates: |
  ((bosh_root_cert1.certificate))
  ((bosh_root_cert2.certificate))

After that, it will get interpolated correctly.

Feedback

thumb_up Yes

thumb_down No