Reset Search
 

 

Article

KB43923 - Unable to upload a large certificate via DMI RPC add-certificate command

« Go Back

Information

 
Last Modified Date10/31/2018 11:25 PM
Synopsis
This article describes an issue with uploading large certificates via DMI RPC add-certificate command.
Problem or Goal
A DMI session is started with the PCS by connecting over SSH using the following command:
 
ssh admin@<IP ADDRESS> -p <PORT #> -s netconf


Once connected the admin copies and pastes the base64 encoded certificate into the add-certificate RPC command via the SSH console window and when the command is submitted the RPC reply is as follows:
<rpc-reply message-id="" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><error-type>rpc</error-type><error-tag>invalid-value</error-tag><error-severity>error</error-severity></rpc-error></rpc-reply>]]>]]>



In the PCS Event log the following entry is generated: 
Received Netconf RPC request: <rpc message-id="12"> <add-certificate> <type>DEVICE_CERT</type> <cert>9LGBV<CUT>5ATAX<password>PASSWORD</password> </add-certificate></rpc>
 

The above output is missing part of the <cert> section of the RPC request.  The section in red in the following example log entry shows what would normally have been displayed if the command was processed correctly:


 
5ATAXVRIjpwP7</cert><password>PASWORD</password></add-certificate></rpc>
 


 
Cause
This issue is caused due to a buffer limit on the client.  There are no  size limits for certificates entered via DMI RPC in base64 encoded format on the PCS.  This issue is known to occur on clients if the base64 encoding is larger than ~4KB (4096 characters) in size.
Solution
Input redirection from a file can be used on the SSH command line with a '<' symbol to feed the RPC command from a text file into the DMI netconf session as per the following command:  
ssh admin@<IP ADDRESS> -p <PORT #> -s netconf < [TEXT FILE WITH RPC XML]


A certificate with larger than 4KB in size can also be successfully uploaded to the PCS device via the Admin GUI, which will also prevent this problem.

Related Links
Attachment 1 
Created ByMatthew Spiers

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255