Did you include the intermediate certs? You shouldn't need to configure the "trustedCerts" at all.
On Sun, May 22, 2016 at 7:56 AM, jason gessner <[email protected]> wrote: > hello! > > I am playing around with the excellent camlistore.org/launch image. I > have things up and running and managed to get a letsencrypt cert for it. I > put that in the /config/ bucket and restarted camlistore and things look > good in chrome. > > If i try to add my server to a local camlistore build's client-config.json > and then connect, though, I get: > > ./bin/camtool -verbose search "loc:paris" > Error: Get https://camlistore-test.multiply.org: x509: certificate signed > by unknown authority > > If i grab the first 10 digits of the sha256 sig from the cert from > chrome's dev tools (or from the output of openssl x509 -in ~/gce/tls.crt > -text -noout, after "Signature Algorithm: sha256WithRSAEncryption") i am > not able to use that in trustedCerts. > > I was able to use the signature value that the camtool error gave me in > trustedCerts and that made things work, but i'm confused. I can't find the > signature value camtool claims it gets anywhere, but my openssl tool > knowledge isn't great. > > - Is a let's encrypt cert not trusted from the go/camlistore perspective > somehow? > - What is the right way to get the proper value from a cert for the > trustedCerts field? > > One more thing: > - why does restarting the camlistore server via the /status/ url properly > pick up the cert, but restarting the VM overwrites the cert? > > -jason > > -- > You received this message because you are subscribed to the Google Groups > "Camlistore" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Camlistore" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
