rhtyd commented on issue #2541: Add "Lets Encrypt CA" Certpath to SSVM Keystore 
(for cdimage.debian.org)
URL: https://github.com/apache/cloudstack/issues/2541#issuecomment-379474873
 
 
   This is more of a debian issue than CloudStack issue, example:
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809259
   
   On my testing, I found that debian ca-certificates is OK. Curling a 
letsencrypt https endpoint works but the java based agents fails for the same 
https URL with:
   ````
   sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
   ````
   
   We'll refresh a new systemvmtemplate as part of 4.11.1.0 release (that will 
be compatible with 4.11.0.0 as well) to include update ca-certificates 
packages. In addition, what we can do is to manually install/setup letsencrypt 
ca certs in the systemvmtemplate from https://letsencrypt.org/certificates/

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to