So I've dug through the perl and it looks like I should be passing through the content of those files.

Dean

    When I see this error in the GUI (which is really doing the same thing AFAIK) I usually convert the key format using openssl:

Try this and see how you go....

openssl rsa -in my-private-key.pem -text

The issue does seem to be you need to provide the contents of the key file to zcli. Now I can't work out how to split a command over multiple lines. If I try inputting the key and certificate as one line the riverbed cert tool fails to recognise them as being valid. It outputs:

Error reading key file:Invalid format, no '-----END' found

I tried the command with the key and cert on a single line and no joy (*):

* Before anyone comments on me posting a private key file in a forum, it is a test key created for this exercise..

Catalog.SSL.Certificates.importCertificate ["Example Certificate"] [ { private_key: "-----BEGIN RSA PRIVATE KEY-----MIICXAIBAAKBgQCs4vOOBoyLom2Wp8VwyW1JVD392r+5ThkgX+dwUTkb61ADPxMnJLRitumE5SOvP3saR54qnqcJFtlI1Ijv3FYSzqR9PP5en8lhanm9mvtJv+TZRA1TiVUxNM9CXa040jMvHutJ2rBRhn0WD3ny3M9bzF+OIsStfODORsSlOftTtwIDAQABAoGAcwmwtlh1PJSgBxcrsZjWN2zusvPTjyIAZiJqhboGHiW93+sge3NY9DZxvBQcYogDCcGN5R4cV1f0zRle5Pvf6RuycRQQuMdw9MFgp31QkuGt+I5/cIRr3WxUyEnlIk96twbK5l+O2hufY2iveZDDGYJ/Tnh3VxLPktdzmC5AXAECQQDYShZlo8Ya0o9OucPg6ZTnGEucqMg76cxSx2Tpb7KrT10KG5cbVO8ihVhWfCX5bth+5XlUQj35tsTsj7fQdDl3AkEAzKDdzzf0eUKMfoe1K+jAtyr8CihjpGr15/twgXPKIOVhE9BTTXBeDifuhIQOitKfKpPz4ueZNCHI4HBKt/RHwQJAF223DV13KRKj2VhAAo3qxjmYfyi9P9gsfM8CfFLQHMRlBKJGdPx3RtsA3aVnC6TZKK28vcbLJdCJdkJ/G8JrMwJAVMiqXrtebgem0p5D8KeFgd8rgsHtVyiCLtY9bUWekDa6HE2K1mEid1cQOpPEurw9+pRGztMK5VDCPEwKiWGLgQJBAMe9VRSd3SqnRxaanpNWhVqoa9t+x+Co2TrkelZNJaVERgLJlvfQNMBlyo0rj5xik6akOkgUqq7etR7JJgbCZKI=-----END RSA PRIVATE KEY-----", public_cert: "-----BEGIN CERTIFICATE-----MIIC7zCCAdegAwIBAgIGATzTkTGBMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAkFVMRIwEAYDVQQKDAlzbnJrbC5vcmcxIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxjYS5zbnJrbC5vcmcwHhcNMTMwMjEzMTIzOTMzWhcNMTQwMjEzMTIzOTM0WjAnMQswCQYDVQQGEwJBVTEYMBYGA1UEAwwPd3d3LndlYnNpdGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs4vOOBoyLom2Wp8VwyW1JVD392r+5ThkgX+dwUTkb61ADPxMnJLRitumE5SOvP3saR54qnqcJFtlI1Ijv3FYSzqR9PP5en8lhanm9mvtJv+TZRA1TiVUxNM9CXa040jMvHutJ2rBRhn0WD3ny3M9bzF+OIsStfODORsSlOftTtwIDAQABo3IwcDAfBgNVHSMEGDAWgBQ7O1i+1WtMYU26+JwmpfzSL4ERPDAdBgNVHQ4EFgQUgdbhZG/tYACaSBjiP/frUwlt53MwDgYDVR0PAQH/BAQDAgWgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEBACJR9Jhg6ga7usSkzR1ODA7HVNqVvNCKulGLvn4JWuDejpoF+1/M492/6MJwVpp4wIfFw/azBLgm7JWiTKqrfiMzd9+yS78PLJmUdFqWdjlB5vPISdGmQGdXwTh9CQHZL4dta5mhLydADn1gcBCq8L4cddFx7ZcK1CCC/w1kSYdvi6ajbaV1GKzlqc9Q7n4sgrTBcbLnloDI3lYLUlYz1hckDNoIXHY1fE944ewgU9SIgrOOqAqtpLlCfB9ww58k5nynleGaSefgsUxRloOh0MtFtNivf044VkKcG6jo0ROkkpwDt31ma2ddEEuwB7gqSx6h6XhzTKDcTIv3M+83LFc=-----END CERTIFICATE-----" } ]  

I get an error also:

certificate and private key for 'Example Certificate' do not match (Certificate/private key pre-check failed: Error reading key file:Invalid format, no '-----END' found

Dean,

     Nice catch.. I tested it, and the only newlines you need are at the end of the ---BEGIN--- and ---END--- lines, so this worked too:

Catalog.SSL.Certificates.importCertificate ["Example Certificate"] [ { private_key: "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCs4vOOBoyLom2Wp8VwyW1JVD392r+5ThkgX+dwUTkb61ADPxMnJLRitumE5SOvP3saR54qnqcJFtlI1Ijv3FYSzqR9PP5en8lhanm9mvtJv+TZRA1TiVUxNM9CXa040jMvHutJ2rBRhn0WD3ny3M9bzF+OIsStfODORsSlOftTtwIDAQABAoGAcwmwtlh1PJSgBxcrsZjWN2zusvPTjyIAZiJqhboGHiW93+sge3NY9DZxvBQcYogDCcGN5R4cV1f0zRle5Pvf6RuycRQQuMdw9MFgp31QkuGt+I5/cIRr3WxUyEnlIk96twbK5l+O2hufY2iveZDDGYJ/Tnh3VxLPktdzmC5AXAECQQDYShZlo8Ya0o9OucPg6ZTnGEucqMg76cxSx2Tpb7KrT10KG5cbVO8ihVhWfCX5bth+5XlUQj35tsTsj7fQdDl3AkEAzKDdzzf0eUKMfoe1K+jAtyr8CihjpGr15/twgXPKIOVhE9BTTXBeDifuhIQOitKfKpPz4ueZNCHI4HBKt/RHwQJAF223DV13KRKj2VhAAo3qxjmYfyi9P9gsfM8CfFLQHMRlBKJGdPx3RtsA3aVnC6TZKK28vcbLJdCJdkJ/G8JrMwJAVMiqXrtebgem0p5D8KeFgd8rgsHtVyiCLtY9bUWekDa6HE2K1mEid1cQOpPEurw9+pRGztMK5VDCPEwKiWGLgQJBAMe9VRSd3SqnRxaanpNWhVqoa9t+x+Co2TrkelZNJaVERgLJlvfQNMBlyo0rj5xik6akOkgUqq7etR7JJgbCZKI=\n-----END RSA PRIVATE KEY-----", public_cert: "-----BEGIN CERTIFICATE-----\nMIIC7zCCAdegAwIBAgIGATzTkTGBMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAkFVMRIwEAYDVQQKDAlzbnJrbC5vcmcxIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxjYS5zbnJrbC5vcmcwHhcNMTMwMjEzMTIzOTMzWhcNMTQwMjEzMTIzOTM0WjAnMQswCQYDVQQGEwJBVTEYMBYGA1UEAwwPd3d3LndlYnNpdGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs4vOOBoyLom2Wp8VwyW1JVD392r+5ThkgX+dwUTkb61ADPxMnJLRitumE5SOvP3saR54qnqcJFtlI1Ijv3FYSzqR9PP5en8lhanm9mvtJv+TZRA1TiVUxNM9CXa040jMvHutJ2rBRhn0WD3ny3M9bzF+OIsStfODORsSlOftTtwIDAQABo3IwcDAfBgNVHSMEGDAWgBQ7O1i+1WtMYU26+JwmpfzSL4ERPDAdBgNVHQ4EFgQUgdbhZG/tYACaSBjiP/frUwlt53MwDgYDVR0PAQH/BAQDAgWgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEBACJR9Jhg6ga7usSkzR1ODA7HVNqVvNCKulGLvn4JWuDejpoF+1/M492/6MJwVpp4wIfFw/azBLgm7JWiTKqrfiMzd9+yS78PLJmUdFqWdjlB5vPISdGmQGdXwTh9CQHZL4dta5mhLydADn1gcBCq8L4cddFx7ZcK1CCC/w1kSYdvi6ajbaV1GKzlqc9Q7n4sgrTBcbLnloDI3lYLUlYz1hckDNoIXHY1fE944ewgU9SIgrOOqAqtpLlCfB9ww58k5nynleGaSefgsUxRloOh0MtFtNivf044VkKcG6jo0ROkkpwDt31ma2ddEEuwB7gqSx6h6XhzTKDcTIv3M+83LFc=\n-----END CERTIFICATE-----" } ]

ZCLI is actually written to use the SOAP API on the STM.  I am sure you could mod yours to parse the file in rather than the string if you wanted to...

You can use a file in the file system, but the syntax for this is slightly on the cryptic side:

Catalog.SSL.Certificates.importCertificate example {private_key:<("example.private"), public_cert:<("example.public") }

This assumes that the files are in the current working directory; absolute file names should also work.

Michael Granzow also showed me something I hadn't seen before in zcli: the help syntax command

[email protected] > help syntax                                

Syntax for entering commands

Class.method arg1 arg2 arg3 ...



Arguments are space or comma-separated. Arguments with spaces, or with non-alphanumeric characters such as ":,|{}[]()'" characters, should be "quoted".




Many commands take a list of arguments, often corresponding to a list of objects (e.g. Virtual Servers). Lists should be put in square brackets, e.g.



VirtualServer.setTimeout [ "VS 1", "VS 2" ], [ 25, 30 ]




Commas between arguments are optional. As a shortcut, if the command expects a list but you are just giving one argument, you do not need to put the brackets around the arguments,

this will be performed for you, e.g. the following two commands are identical:



Pool.setKeepalive Intranet 1

Pool.setKeepalive [ Intranet ] [ 1 ]




Some commands expect structures with keys and values. These are entered using { } and using a ':' suffix on each key, e.g.



System.Stats.getNodeErrors { Address: 10.100.1.2, Port: 53 }




Wildcards are allowed for many functions. A '*' symbol will match multiple objects and also multiple commands (but they must have the same inputs), e.g.



Pool.getNodes *

VirtualServer.getPort System*

System.Stats.getWebCache*




String arguments can be read in from files on disk.  You can read the content of a file as an argument using the <(filename) operator:



Catalog.SSL.CertificateAuthorities.importCertificateAuthority "my CA" <(~/CAs/myCA.pem)

System.LicenseKeys.addLicenseKeys <(/tmp/mylicense.txt)




Finally, you can pipe the output to a UNIX command from the commandline. For example, if your terminal is not large enough to read all of the output from a command, try appending

'| more' to the end of the command, e.g.



help syntax | more