
Trying to import Signed EC Cert/Key from another tool.

I'm trying to import a signed EC certificate and its private key from a Caddy instance. The files in question are in PEM format.

EC Key looks like...

-----BEGIN EC PRIVATE KEY-----
   ...DATA_HERE...
-----END EC PRIVATE KEY-----

EC Cert looks like...

-----BEGIN CERTIFICATE-----
MIIEBDCCA4qgAwIBAgIQVyDabKzO8adfPYtnJoQrETAKBggqhkjOPQQDAzBLMQsw
   ...DATA_HERE...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
   ...DATA_HERE...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
   ...DATA_HERE...
-----END CERTIFICATE-----

The code I'm trying to use is...

require("acmev2.js", "ACMEv2");
load("base-64.js");

// Destination side: the keyset this script writes and the binary config file
// the system password is read from. Both sit in Synchronet's control directory.
var maincnf_fname = backslash(system.ctrl_dir) + "main.cnf";
var sks_fname = backslash(system.ctrl_dir) + "ssl.cert";

// Source side: the PEM certificate chain and PEM private key from Caddy's data
// directory. The .key file is private key material, so the account running
// this script needs read access to it; keep that access as narrow as possible
// and avoid leaving extra copies of the key around.
var certin = "/caddy-data/caddy/certificates/acme.zerossl.com-v2-dv90/roughneckbbs.com/roughneckbbs.com.crt";
var keyin = "/caddy-data/caddy/certificates/acme.zerossl.com-v2-dv90/roughneckbbs.com/roughneckbbs.com.key";

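/**
 * Read the system password out of the binary main.cnf file.
 *
 * Seeks to byte offset 186, reads a 40-byte field and strips its NUL bytes.
 * NOTE(review): the offset and width are hard-coded; presumably they match the
 * main.cnf layout of the installed Synchronet version - confirm before
 * relying on this after an upgrade.
 *
 * The return value is a cleartext credential. Pass it directly to the call
 * that needs it; do not log, print or store it.
 *
 * @returns {string} the password field with NUL bytes removed
 * @throws {string} "Unable to open <name>" when main.cnf cannot be opened
 */
function getSystemPassword() {
  var maincnf = new File(maincnf_fname);
  if (!maincnf.open("rb", true)) {
    throw("Unable to open "+maincnf.name);
  }
  try {
    maincnf.position = 186; // Indeed.
    return maincnf.read(40).replace(/\x00/g, '');
  } finally {
    // Runs even when read() or replace() throws, so the handle on the
    // password-bearing file is never left open.
    maincnf.close();
  }
}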

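/**
 * Read an entire file opened in "rb" mode and return its contents.
 *
 * This script uses it for both the PEM certificate chain and the PEM private
 * key, so the returned string may be secret key material - do not echo it.
 *
 * @param {string} file - path of the file to read
 * @returns {string} whatever File.read() yields for the whole file
 * @throws {string} "Unable to open <name>" when the file cannot be opened
 */
function readFile(file) {
  var f = new File(file);
  if (!f.open("rb", true)) {
    throw("Unable to open "+f.name);
  }
  try {
    return f.read();
  } finally {
    // Release the handle even if read() throws.
    f.close();
  }
}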

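/**
 * Load the PEM private key at `file` into a new ECDSA CryptContext.
 *
 * The file text is handed to set_key() exactly as read, PEM armor lines
 * included; no base64 body is extracted from it first.
 * NOTE(review): whether set_key() accepts a PEM "EC PRIVATE KEY" block for an
 * ECDSA context is not established by this script - confirm against the
 * CryptContext documentation before assuming the import succeeded.
 *
 * The returned context holds the private key; treat it like the key itself.
 *
 * @param {string} file - path of the PEM private key
 * @returns {CryptContext} ECDSA context after set_key() has been called
 * @throws {string} "Unable to open <name>" (from readFile) if the file cannot be opened
 */
function getKey(file) {
  const pem = readFile(file);
  var kc = new CryptContext(CryptContext.ALGO.ECDSA);
  kc.set_key(pem);
  return kc;
}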

/**
 * Build a CryptCert from the PEM certificate file at `file`.
 *
 * The file text is passed through ACMEv2.prototype.create_pkcs7() and the
 * result is given to the CryptCert constructor.
 * NOTE(review): create_pkcs7() presumably packs every CERTIFICATE block in the
 * file (leaf plus intermediates) into one PKCS#7 structure - confirm in
 * acmev2.js.
 *
 * @param {string} file - path of the PEM certificate (chain) file
 * @returns {CryptCert} certificate object constructed from the PKCS#7 data
 */
function getCert(file) {
  var pem_chain = readFile(file);
  // Called on the prototype, as no ACMEv2 instance exists in this script.
  var pkcs7 = ACMEv2.prototype.create_pkcs7(pem_chain);
  return new CryptCert(pkcs7);
}

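// Build the certificate object and the key context from the Caddy files.
var cert = getCert(certin);
var key = getKey(keyin);
// Debug output of the key context.
// NOTE(review): confirm what a CryptContext prints before leaving this in a
// script whose output is captured or logged.
writeln(key);

// NOTE(review): KEYOPT.CREATE presumably starts a fresh keyset at sks_fname,
// replacing any existing ssl.cert - keep a backup of the current file first.
var ks = new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.CREATE);
try {
  // The system password is passed directly to the keyset call and never
  // stored in a variable of its own.
  ks.add_private_key(key, getSystemPassword());
  ks.add_public_key(cert);
} finally {
  // Close the keyset even when one of the add calls throws. If
  // add_public_key() fails after add_private_key() succeeded, the file holds
  // a key without its certificate and should not be put into service.
  ks.close();
}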

Any help would be appreciated... if I knew the expected format for ctrl/ssl.cert it might also be helpful.