brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-280) br cli fails to login to brooklyn instances with self-signed SSL certs
Date Fri, 27 May 2016 10:31:12 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15303899#comment-15303899
] 

ASF GitHub Bot commented on BROOKLYN-280:
-----------------------------------------

Github user geomacy commented on the pull request:

    https://github.com/apache/brooklyn-client/pull/21#issuecomment-222114100
  
    I don't think this necessarily needs to change to match the "-k / --insecure" of curl,
the current flag has a nicely meaningful name.


> br cli fails to login to brooklyn instances with self-signed SSL certs
> ----------------------------------------------------------------------
>
>                 Key: BROOKLYN-280
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-280
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: John McCabe
>            Assignee: John McCabe
>
> Attempt to log into Brooklyn with a cert generated following the instructions on {{ops/brooklyn_properties}},
results in the following error:
> {code}
> # br login https://10.10.10.100:8443 admin mypassword
> Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate certificate for
10.10.10.100 because it doesn't contain any IP SANs
> {code}
> Adding the IP SAN (add {{-ext san=IP:10.10.10.100}} to the {{keytool}} invocation on
JDK 1.7+) then results in:
> {code}
> # br login https://10.10.10.100:8443 admin mypassword
> Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown
authority
> {code}
> I suspect we may need to be tolerate of self-signed certs without a trustchain, but do
so via a flag that the user must set explicitly, for example:
> {code}
> br login --trustall https://10.10.10.100 admin mypassword
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message