On 22 May 2016 at 17:30, Brad Fitzpatrick <[email protected]> wrote: > Did you include the intermediate certs? > > You shouldn't need to configure the "trustedCerts" at all. > > > On Sun, May 22, 2016 at 7:56 AM, jason gessner <[email protected]> wrote: >> >> hello! >> >> I am playing around with the excellent camlistore.org/launch image. I >> have things up and running and managed to get a letsencrypt cert for it. I >> put that in the /config/ bucket and restarted camlistore and things look >> good in chrome. >> >> If i try to add my server to a local camlistore build's client-config.json >> and then connect, though, I get: >> >> ./bin/camtool -verbose search "loc:paris" >> Error: Get https://camlistore-test.multiply.org: x509: certificate signed >> by unknown authority >> >> If i grab the first 10 digits of the sha256 sig from the cert from >> chrome's dev tools (or from the output of openssl x509 -in ~/gce/tls.crt >> -text -noout, after "Signature Algorithm: sha256WithRSAEncryption") i am not >> able to use that in trustedCerts. >> >> I was able to use the signature value that the camtool error gave me in >> trustedCerts and that made things work, but i'm confused. I can't find the >> signature value camtool claims it gets anywhere, but my openssl tool >> knowledge isn't great. >> >> - Is a let's encrypt cert not trusted from the go/camlistore perspective >> somehow? >> - What is the right way to get the proper value from a cert for the >> trustedCerts field? >> >> One more thing: >> - why does restarting the camlistore server via the /status/ url properly >> pick up the cert, but restarting the VM overwrites the cert?
If it actually does the latter, I think it's a bug. How are you restarting the VM? And are you saying that the cert stored in the corresponding Cloud bucket gets overwritten? >> You received this message because you are subscribed to the Google Groups >> "Camlistore" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "Camlistore" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Camlistore" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
