Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 6E87D2009F9 for ; Mon, 23 May 2016 18:04:14 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6D7DB160A24; Mon, 23 May 2016 16:04:14 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id DC577160A05 for ; Mon, 23 May 2016 18:04:13 +0200 (CEST) Received: (qmail 59967 invoked by uid 500); 23 May 2016 16:04:13 -0000 Mailing-List: contact dev-help@brooklyn.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@brooklyn.apache.org Delivered-To: mailing list dev@brooklyn.apache.org Received: (qmail 59941 invoked by uid 99); 23 May 2016 16:04:13 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 May 2016 16:04:13 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id E268C2C1F62 for ; Mon, 23 May 2016 16:04:12 +0000 (UTC) Date: Mon, 23 May 2016 16:04:12 +0000 (UTC) From: "John McCabe (JIRA)" To: dev@brooklyn.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Assigned] (BROOKLYN-280) br cli fails to login to brooklyn instances with self-signed SSL certs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 23 May 2016 16:04:14 -0000 [ https://issues.apache.org/jira/browse/BROOKLYN-280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] John McCabe reassigned BROOKLYN-280: ------------------------------------ Assignee: John McCabe > br cli fails to login to brooklyn instances with self-signed SSL certs > ---------------------------------------------------------------------- > > Key: BROOKLYN-280 > URL: https://issues.apache.org/jira/browse/BROOKLYN-280 > Project: Brooklyn > Issue Type: Bug > Reporter: John McCabe > Assignee: John McCabe > > Attempt to log into Brooklyn with a cert generated following the instructions on {{ops/brooklyn_properties}}, results in the following error: > {code} > # br login https://10.10.10.100:8443 admin mypassword > Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate certificate for 10.10.10.100 because it doesn't contain any IP SANs > {code} > Adding the IP SAN (add {{-ext san=IP:10.10.10.100}} to the {{keytool}} invocation on JDK 1.7+) then results in: > {code} > # br login https://10.10.10.100:8443 admin mypassword > Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown authority > {code} > I suspect we may need to be tolerate of self-signed certs without a trustchain, but do so via a flag that the user must set explicitly, for example: > {code} > br login --trustall https://10.10.10.100 admin mypassword > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)