Hi James, Thanks for the ideas. As I mentioned, I am using the latest commit from devel, and have all the certificates. In fact, I showed that if I take the temporary file with CA certificates that Ansible creates and use it with gnutls-cli then the launchpad.net certificate validates.
Regards, Joost Op 29 apr. 2014 02:58 schreef "James Cammarata" <[email protected]>: > What version of Ansible are you running? There were some changes in 1.5.3+ > to address certificate validation issues on Ubuntu systems. Also please > make sure that you have the correct CA package installed (ca-certificates) > and that the /etc/ssl/certs/ directory is present and contains certificates. > > > On Mon, Apr 28, 2014 at 5:48 PM, Joost Cassee <[email protected]> wrote: > >> Hi, >> >> I am using the latest commit from the devel branch, and I am having >> difficulty adding an Apt repository. The system I am running Ansible on is >> Ubuntu 12.04, the provisioned host is running 14.04. I am using this task: >> >> - apt_repository: repo='ppa:webupd8team/java' >> >> The error is: >> msg: Failed to validate the SSL certificate for launchpad.net:443. Use >> validate_certs=no or make sure your managed systems have a valid CA >> certificate installed. Paths checked for this platform: /etc/ssl/certs, >> /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, >> /usr/share/ca-certificates/cacert.org, /etc/ansible >> >> I tried extracting the CA certificate file that urls.py builds and pass >> it to gnutls-cli to check whether the CA certificate is indeed missing: >> >> $ gnutls-cli --x509cafile certstmp.pem launchpad.net >> Processed 332 CA certificate(s). >> [...] >> - Certificate[0] info: >> - subject `OU=Domain Control Validated,CN=launchpad.net', issuer >> `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://cer >> ts.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - >> G2', RSA key 2048 bits, signed using RSA-SHA256, activated `2 >> 014-04-08 05:33:03 UTC', expires `2014-07-25 18:24:13 UTC', SHA-1 >> fingerprint `3e6aa453dcc8f9888e7ee368b374d9e2b21917c5' >> - Certificate[1] info: >> - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU= >> http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certifica >> te Authority - G2', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, >> Inc.,CN=Go Daddy Root Certificate Authority - G2', RSA key >> 2048 bits, signed using RSA-SHA256, activated `2011-05-03 07:00:00 UTC', >> expires `2031-05-03 07:00:00 UTC', SHA-1 fingerprint `27a >> c9369faf25207bb2627cefaccbe4ef9c319b8' >> - Certificate[2] info: >> - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,CN=Go >> Daddy Root Certificate Authority - G2', issuer `C=US,O=The Go >> Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', RSA key >> 2048 bits, signed using RSA-SHA256, activated `2014-01-01 >> 07:00:00 UTC', expires `2031-05-30 07:00:00 UTC', SHA-1 fingerprint >> `340b2880f446fcc04e59ed33f52b3d08d6242964' >> - The hostname in the certificate matches 'launchpad.net'. >> - Peer's certificate is trusted >> [...] >> >> What else can I do to debug this problem? >> >> Regards, >> Joost >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/d8b09d64-5032-48ac-a019-0b2149e43c12%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/d8b09d64-5032-48ac-a019-0b2149e43c12%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/lmAp8ui0JEc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAMFyvFhNi5kM8ht-ZdRZLcDUO0jZzL%3Dm25y7P-pBvpgAg4SDMg%40mail.gmail.com<https://groups.google.com/d/msgid/ansible-project/CAMFyvFhNi5kM8ht-ZdRZLcDUO0jZzL%3Dm25y7P-pBvpgAg4SDMg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEQrH%2BeCL_Q7cu52GzP2CAfuEg1JOZwpCwcgXeJVS2Jj4Xvdgg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
