Can you try curl -kvs "https://admin:password@riakURL :8088/search/query/sslkeys?wt=json&q=cdn:nirs-tc1-cdn" and let me know what that returns? It should return to you the ssl certs for your delivery service. If it does not can you try to go into the “Paste Keys” screen in traffic ops, press the save button to save the SSL certs again, and then re-run the curl? If they are still not showing up after that you may have hit a bug we found earlier that is now fixed in master where the content-type isn’t set correctly on the PUT to Riak. The workaround is to change line 104 of traffic_ops/app/lib/Connection/RiakAdapter.pm from return $ua->put( $fqdn, Content => $value ); to return $ua->put( $fqdn, Content => $value, 'Content-Type'=> $content_type ); and restart traffic_ops. After you restart Traffic Ops go into the paste keys screen, save your keys again, and run the curl again. Let me know how it goes.
Thanks, Dave On Thu, Jan 19, 2017 at 7:46 AM, Steve Malenfant <[email protected]> wrote: > In not probably the one that can explain that to you, but I believe there > is additional settings in riak for TC >1.7. I've heard of enabling riak > search and new security parameters... > > On Thu, Jan 19, 2017 at 8:35 AM Nir Sopher <[email protected]> wrote: > > > Hi, > > > > > > > > After a reboot, key generation indeed works. Thank you:) > > > > However, the traffic server still encounter the issue: > > > > ERROR result for http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/ > > > > name/nirs-tc1-cdn/sslkeys.json is: ...{"message":"No SSL certificates > > found > > > > for nirs-tc1-cdn"}... > > > > FATAL http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/ > > > > name/nirs-tc1-cdn/sslkeys.json returned HTTP 404! > > > > > > > > Can it be that something is badly configured in my delivery-service? Or > > > > maybe in my traffic ops configuration? > > > > Maybe an RPM missing? > > > > > > > > Thank you both again. > > > > Nir > > > > > > > > On Thu, Jan 19, 2017 at 3:12 PM, Steve Malenfant <[email protected]> > > > > wrote: > > > > > > > > > Have you tried to simply restart Traffic Ops? We've seen ours (1.6) not > > > > > being able to create Certificates after a while. > > > > > > > > > > On Wed, Jan 18, 2017 at 11:10 PM, Nir Sopher <[email protected]> wrote: > > > > > > > > > > > ERROR result for > > http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/ > > > > > > nirs-tc1-cdn/sslkeys.json is: ...{"message":"No SSL certificates > found > > > > > for > > > > > > nirs-tc1-cdn"}... > > > > > > FATAL http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/ > > > > > > nirs-tc1-cdn/sslkeys.json returned HTTP 404! > > > > > > > > > > > > > > > > > > On Thu, Jan 19, 2017 at 12:43 AM, Dave Neuman <[email protected]> > > wrote: > > > > > > > > > > > > > What error are you getting in ORT? > > > > > > > > > > > > > > On Wed, Jan 18, 2017 at 11:57 AM, Nir Sopher <[email protected]> > wrote: > > > > > > > > > > > > > > > OK. > > > > > > > > I called the command from traffic op and got the below output, > > which > > > > > > > looks > > > > > > > > ok to me. > > > > > > > > So now I know that adding a certificate via the "paste" screen > > works > > > > > > (and > > > > > > > > not only say "success"). > > > > > > > > Still, pulling the configuration via the ort script fails. > > > > > > > > > > > > > > > > Regarding the log, no message during the certificate paste. My > log > > > > > cfg > > > > > > is > > > > > > > > also paste below. > > > > > > > > > > > > > > > > 10x, > > > > > > > > Nir > > > > > > > > > > > > > > > > $ cat /opt/traffic_ops/app/conf/production/log4perl.conf > > > > > > > > log4perl.rootLogger = ERROR, SCREEN, FILE > > > > > > > > log4perl.appender.FILE = Log::Log4perl::Appender::File > > > > > > > > log4perl.appender.FILE.layout = PatternLayout > > > > > > > > log4perl.appender.FILE.layout.ConversionPattern = [%d{ISO8601}] > > [%p] > > > > > > > %m%n > > > > > > > > log4perl.appender.FILE.filename = /var/log/traffic_ops/traffic_ > > > > > ops.log > > > > > > > > > > > > > > > > log4perl.appender.SCREEN = Log::Log4perl::Appender::Screen > > > > > > > > log4perl.appender.SCREEN.layout = PatternLayout > > > > > > > > log4perl.appender.SCREEN.layout.ConversionPattern = > [%d{ISO8601}] > > > > > [%p] > > > > > > > > %m%n > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > $ curl -k "https://admin:admin123@vault- > > > > > int.nirs-tc1.tc-dev.qwilt.com: > > > > > > > > 8088/riak/ssl/ynet-images-latest" > > > > > > > > {"cdn":"nirs-tc1-cdn","deliveryservice":"ynet-images" > > > > > > > > ,"certificate":{"csr":" > > > > > > > > LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0NCk1JSUI2REND > > > > > > > > QVZFQ0FRQXdnYWN4\nQ3pBSkJnTlZCQVlUQWtsTU1ROHdEU > > > > > > > > VlEVlFRSURBWkpjM0poWld3eEZEQVMNCkJnTlZCQWNNQzBo\ > > > > > > > > ndlpFaGhjMmhoY205dU1RNHdEQVlEVlFRS0RBVlJkMmxzZERFTE1Ba0dBMVV > > > > > > > > FQ3d3Q1VVTXgNCk5U\nQXpCZ05WQkFNTUxDb3VlVzVsZEMxc > > > > > > > > GJXRm5aWE11Ym1seWN5MTBZekV0WTJSdUxuUmpMV1JsZGk1\ > > > > > > > > namNXeHYNCmRXUXVZMjl0TVIwd0d3WUpLb1pJaHZjTkFRa0JGZzV1YVhKelF > > > > > > > > IRjNhV3gwTG1OdmJU\nQ0JuekFOQmdrcWhraUcNCjl3MEJBU > > > > > > > > UVGQUFPQmpRQXdnWWtDZ1lFQTAxVWZnbzZrcEJOMGNQOEV5\ > > > > > > > > nVXY4MW9WNFB2WlJoM2V5dmViNjBaZnQNCldjblZ0Zk53N1ZJRW52Q1ByU0J > > > > > > > > 6b25MajI4NGoyUGcv\nQkhQQ3Rudmc2N2N5bXRKT2pJVU4rZ > > > > > > > > XoyRXkvSUxnUXYNCkdjZFQ0RmErTGZmcXFudUc3Y3gxcDRU\ > > > > > > > > nR3k2aGpYdFNPZ2R0YklyNFhEajJiWlBIVTVxTFlkak1QSXZXc2M5aGkNCmV > > > > > > > > QY0NBd0VBQWFBQU1B\nMEdDU3FHU0liM0RRRUJCUVVBQTRHQ > > > > > > > > kFDRGJQUlFSM1RkNWh1QmtQMUg3V0l4ejdjNU8NCnJsYnpn\ > > > > > > > > nWHlxcEpjRFg2Q3RJaEd1d1orYkxIa3Y4dXdsMUoyZm5QTWM3TlB4UGxjbXY > > > > > > > > 0RWU3RXpJQ3dJTzBr\ncTMNClFvdksraEp1MDJLTE1peUp5b > > > > > > > > HZpT1VEeWlldEtPdEpDNlVKelNhZEpjWjVnSmJzNjNiRk83\ > > > > > > > > nWmlpbDQ0UmdKaFYNCklBMSsyYUwwU0hmeTY4R2cNCi0tLS0tRU5EIENFUlR > > > > > > > > JRklDQVRFIFJFUVVF\nU1QtLS0tLQ==","crt":" > > > > > LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS > > > > > > > > 0tLS0tDQpNSUlDeHpDQ0FqQUNDUURvZlNRcTJpcnQ4REFO\ > > > > > > > > nQmdrcWhraUc5dzBCQVFVRkFEQ0JwekVMTUFrR0ExVUVCaE1DDQpTVXd4RHp > > > > > > > > BTkJnTlZCQWdNQmts\nemNtRmxiREVVTUJJR0ExVUVCd3dMU > > > > > > > > 0c5a1NHRnphR0Z5YjI0eERqQU1CZ05WDQpCQW9NQlZGM2FX\ > > > > > > > > neDBNUXN3Q1FZRFZRUUxEQUpSUXpFMU1ETUdBMVVFQXd3c0tpNTVibVYwTFd > > > > > > > > sdFlXZGxjeTV1DQph\nWEp6TFhSak1TMWpaRzR1ZEdNdFpHV > > > > > > > > jJMbU54Ykc5MVpDNWpiMjB4SFRBYkJna3Foa2lHOXcwQkNR\ > > > > > > > > nRVdEbTVwDQpjbk5BY1hkcGJIUXVZMjl0TUI0WERURTNNREV4TmpFeE5UQTB > > > > > > > > NbG9YRFRFNE1ERXhO\nakV4TlRBME1sb3dnYWN4DQpDekFKQ > > > > > > > > mdOVkJBWVRBa2xNTVE4d0RRWURWUVFJREFaSmMzSmhaV3d4\ > > > > > > > > nRkRBU0JnTlZCQWNNQzBodlpFaGhjMmhoDQpjbTl1TVE0d0RBWURWUVFLREF > > > > > > > > WUmQybHNkREVMTUFr\nR0ExVUVDd3dDVVVNeE5UQXpCZ05WQ > > > > > > > > kFNTUxDb3VlVzVsDQpkQzFwYldGblpYTXVibWx5Y3kxMFl6\ > > > > > > > > nRXRZMlJ1TG5SakxXUmxkaTVqY1d4dmRXUXVZMjl0TVIwd0d3WUpLb1pJDQp > > > > > > > > odmNOQVFrQkZnNXVh\nWEp6UUhGM2FXeDBMbU52YlRDQm56Q > > > > > > > > U5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDDQpnWUVB\ > > > > > > > > nMDFVZmdvNmtwQk4wY1A4RXlVdjgxb1Y0UHZaUmgzZXl2ZWI2MFpmdFdjblZ > > > > > > > > 0Zk53N1ZJRW52Q1By\nU0J6DQpvbkxqMjg0ajJQZy9CSFBDd > > > > > > > > G52ZzY3Y3ltdEpPaklVTitlejJFeS9JTGdRdkdjZFQ0RmEr\ > > > > > > > > nTGZmcXFudUc3Y3gxDQpwNFRHeTZoalh0U09nZHRiSXI0WERqMmJaUEhVNXF > > > > > > > > MWWRqTVBJdldzYzlo\naWVQY0NBd0VBQVRBTkJna3Foa2lHD > > > > > > > > Qo5dzBCQVFVRkFBT0JnUUJha0tKaTNrN1hOUDljWTZ0K05i\ > > > > > > > > nT0hNVWJPWVI0WWE2Y2xKN3cyYU1CSTNYdjNZMUcyDQo5K1ZxajA1cDZXaU8 > > > > > > > > xWVNGWWRBb2QxSnRD\nNDRieUt4NWRBbTNKdnZrUWZNNU8xb > > > > > > > > 09zNG8yWnhrMXRmZmVqN3NkDQpCSDBKOGdqSkhYbmg0TWFm\ > > > > > > > > neHhzR09KSXhOSXI3aDA5cTZYUENaTlVVaTROQnRrRzVVM2dsUnB0YWlnPT0 > > > > > > > > NCi0tLS0tRU5EIENF\nUlRJRklDQVRFLS0tLS0=","key":" > > > > > > > > LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJQ1hRSUJBQUtC > > > > > > > > Z1FEVFZSK0NqcVNr\nRTNSdy93VEpTL3pXaFhnKzlsR0hkN > > > > > > > > 0s5NXZyUmwrMVp5ZFcxODNEdA0KVWdTZThJK3RJSE9pY3VQ\ > > > > > > > > nYnppUFkrRDhFYzhLMmUrRHJ0ekthMGs2TWhRMzU3UFlUTDhndUJDOFp4MVB > > > > > > > > nVnI0dA0KOStxcWU0\nYnR6SFduaE1iTHFHTmUxSTZCMjFza > > > > > > > > XZoY09QWnRrOGRUbW90aDJNdzhpOWF4ejJHSjQ5d0lEQVFB\ > > > > > > > > nQg0KQW9HQkFNQmpSL0pGQldGUlRMbnBqMlBweDExTDJISUpMNk9SdHFqbTl > > > > > > > > BT0d1Yzc1elpKODhw\nczZCWGJrTFFoQQ0KK01RMHIzYlZMU > > > > > > > > kZDdmF2Qjdzck43NjdtOGlzU3JMWGZWK09MeGlQU2NGMHZk\ > > > > > > > > nck5Zd1k4YlREMnl5SnpnM0hYcA0KUFVvZDBMQzlzMmdlcW5kRU1ha21BYkJ > > > > > > > > 2T1ZHNkxKMTF1NXVU\nV1FBdWhPYmg0NzN4QWtFQS9ValN6a > > > > > > > > jVxUVk2bA0KeVJ2eVh2enM4S0RWVjZCc3k4eHNIaUJjNUg3\ > > > > > > > > ndEdiL3B3WGZaZ0RDQ0xkaUlBSzdVZ0lmOHZlbDkxNEM1dFB0Zg0KdEhxZEd > > > > > > > > 5bXJ1d0pCQU5XWktB\nT2dXN0VZVXJ3OWFTdjlKM0Z3dHp4W > > > > > > > > E9NZURpTnNtbW40OXJ5dmN2bmR6dEVlVA0KOWVybVJsM0N3\ > > > > > > > > nSE1uZ0ZIS2VYVmJ1dENoWlkvZDZaKy83ZlVDUUZPaUlEbUowbndqSmdycDk > > > > > > > > zWDEvaWJXZEp1aQ0K\nbFVvV0RmMUVvbWV3b1luSEhPQ05Pb > > > > > > > > nhoaUJxclRQMHN2VzVUZU5rY3FEam9nR21LTjJmWXROZXJR\ > > > > > > > > ndEVDUUJWZQ0KM25jR2EwWWJ0ZU5wallVK0xkMFd0dTZObDN1MnVGR2MyaVk > > > > > > > > 1UzdacXZvKzYvdFdP\nZ3pNK1dObjJxMFNhTmlkNA0KeDVBc > > > > > > > > lhsU1RZVkwway9STXdxVUNRUUR6SFoyT0JRbHJEdmFyWWIy\ > > > > > > > > nek1KZkFpMjRmV0lCQ1VTM2tuSmNzZGt3bA0Kc1BseVFZRndDRUMySzh6Y01 > > > > > > > > DaFVTcVRuZ0NlWWpK\nenJNbXU4Qkp1M1VCNmENCi0tLS0tR > > > > > > > > U5EIFJTQSBQUklWQVRFIEtFWS0tLS0t"},"version":"5","hostname":"*. > > > > > > > > ynet-images.nirs-tc1-cdn.tc-dev.qwilt.com","key":"ynet-images"} > > > > > > > > > > > > > > > > On Wed, Jan 18, 2017 at 8:01 PM, Dave Neuman <[email protected]> > > > > > > wrote: > > > > > > > > > > > > > > > > > The second curl would be: curl -k " > > > > > > > > > https://admin:[email protected]:8 > > > > > > > > > 088/riak/ssl/ynet-images-latest > > > > > > > > > " > > > > > > > > > > > > > > > > > > If that works from your traffic_ops host then it should also > work > > > > > > when > > > > > > > > you > > > > > > > > > go into the paste keys screen. > > > > > > > > > > > > > > > > > > Turning on Debug logging might also help. You can set > > > > > > > > log4perl.rootLogger = > > > > > > > > > ERROR, SCREEN, FILE in traffic_ops/app/conf/ > > > > > production/log4perl.conf > > > > > > > > > > > > > > > > > > Try that out and send me what, if anything, you see in the log. > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > > > Dave > > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Jan 18, 2017 at 9:14 AM, Nir Sopher <[email protected]> > > > > > wrote: > > > > > > > > > > > > > > > > > > > Thanks Dave, > > > > > > > > > > I am pasting the keys through the Manange SSL Keys -> Paste > > > > > > Existing > > > > > > > > Keys > > > > > > > > > > screen. > > > > > > > > > > > > > > > > > > > > Below is the output of the curl commands: > > > > > > > > > > > > > > > > > > > > $ curl -k "https://admin:admin123@vault- > > > > > > > int.nirs-tc1.tc-dev.qwilt.com: > > > > > > > > > > 8088/buckets/ssl/keys?keys=true" > > > > > > > > > > {"keys":["ynet-images-5","ynet-images-latest","ynet- > > > > > > > > > > images-4","ynet-images-3"]} > > > > > > > > > > > > > > > > > > > > $ curl -k "https://admin:admin123@vault- > > > > > > > int.nirs-tc1.tc-dev.qwilt.com: > > > > > > > > > > 8088/riak/ssl/xmlid-latest" > > > > > > > > > > not found > > > > > > > > > > > > > > > > > > > > Nir > > > > > > > > > > > > > > > > > > > > On Wed, Jan 18, 2017 at 4:56 PM, Dave Neuman < > > [email protected]> > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > That sucks that it still doesn't work :( > > > > > > > > > > > > > > > > > > > > > > Lets start with the config. You said you had to set ` > > > > > > > > > > > listener.https.internal= 0.0.0.0:8088`, we have that > > > > > configured > > > > > > > with > > > > > > > > > the > > > > > > > > > > > IP > > > > > > > > > > > of the riak server, but if you can successfully make curl > > > > > > requests > > > > > > > > from > > > > > > > > > > the > > > > > > > > > > > traffic_ops server, then I guess that is ok. > > > > > > > > > > > > > > > > > > > > > > As for the error you are getting...that error is basically > > > > > saying > > > > > > > > that > > > > > > > > > > Riak > > > > > > > > > > > cannot find the SSL Keys that you are looking for. > > > > > > > > > > > > > > > > > > > > > > Which endpoint are you using when you get that error? Are > > you > > > > > > > going > > > > > > > > > > > through the Manange SSL Keys -> Paste Existing Keys screen? > > Or > > > > > > are > > > > > > > > you > > > > > > > > > > > hitting an API? > > > > > > > > > > > > > > > > > > > > > > You should be able to see if the keys exist by running > `curl > > > > > -k > > > > > > > > > > > "https://admin:password@riakURL:8088/buckets/ssl/keys? > > > > > > keys=true"` > > > > > > > > and > > > > > > > > > > > looking for XMLID-latest in the list of keys; you could > also > > > > > run > > > > > > > > `curl > > > > > > > > > -k > > > > > > > > > > > "https://admin:password@riakURL:8088/riak/ssl/xmlid- > latest"` > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > Dave > > > > > > > > > > > > > > > > > > > > > > On Tue, Jan 17, 2017 at 1:57 PM, Nir Sopher < > [email protected]> > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > Thank you Dave:) > > > > > > > > > > > > > > > > > > > > > > > > Indeed I was using Riak 2.2 with TC 1.7. > > > > > > > > > > > > I moved now to Riak 2.1.3 (same traffic ops, just > replaced > > > > > the > > > > > > > > > vault). > > > > > > > > > > > > I see the same issues. The only change is the added log > > > > > > messages > > > > > > > in > > > > > > > > > > > traffic > > > > > > > > > > > > ops log during certificate generation: > > > > > > > > > > > > > > > > > > > > > > > > [2017-01-17 20:29:58,119] [ERROR] Active Server Severe > > Error: > > > > > > > 404 - > > > > > > > > > > > > vault-int.nirs-tc1.tc-dev.qwilt.com:8088 - not found > > > > > > > > > > > > > > > > > > > > > > > > Nir > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jan 17, 2017 at 6:56 PM, Dave Neuman < > > > > > > [email protected]> > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > Hey Nir, > > > > > > > > > > > > > I think I can help here. First of all, what version of > > > > > > Traffic > > > > > > > > > > Control > > > > > > > > > > > > are > > > > > > > > > > > > > you running and which version of Riak are you running? > > We > > > > > > have > > > > > > > > > seen > > > > > > > > > > > > issues > > > > > > > > > > > > > using newer versions of Riak with Traffic Control 1.7 > and > > > > > > 1.8. > > > > > > > > > Those > > > > > > > > > > > > > issues should be resolved in the next release. For now > > we > > > > > > > > > recommend > > > > > > > > > > > you > > > > > > > > > > > > > use Riak 2.1.x and not 2.2.x > > > > > > > > > > > > > > > > > > > > > > > > > > Once I know that we can start digging deeper. > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > Dave > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jan 17, 2017 at 9:44 AM, Nir Sopher < > > > > > [email protected]> > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > > > > > > > > > > > I am trying to launch a traffic vault and connect it > to > > > > > my > > > > > > > > > > > traffic-ops > > > > > > > > > > > > > > server. > > > > > > > > > > > > > > I followed the instructions in the admin guide > > > > > > > > > > > > > > <http://traffic-control-cdn. > > > > > net/docs/latest/admin/traffic_ > > > > > > > > > > vault.html > > > > > > > > > > > >, > > > > > > > > > > > > > > installing riak <http://goog_1273226474>2.2.0-1 > > > > > > > > > > > > > > <http://s3.amazonaws.com/ > downloads.basho.com/riak/2.2/ > > > > > > > > > > > > > > 2.2.0/rhel/6/riak-2.2.0-1.el6.x86_64.rpm> > > > > > > > > > > > > > > working with a self signed certificate (created via > the > > > > > > > > > > instructions > > > > > > > > > > > in > > > > > > > > > > > > > > this > > > > > > > > > > > > > > <http://www.akadia.com/services/ssh_test_certificate > . > > > > > html> > > > > > > > > link) > > > > > > > > > > > > > > > > > > > > > > > > > > > > I had to deviate from the document in a few places in > > > > > order > > > > > > > to > > > > > > > > > > > > progress: > > > > > > > > > > > > > > > > > > > > > > > > > > > > - Replacing the host part in the riak listener > > > > > > > configuration > > > > > > > > > > with > > > > > > > > > > > > > > 0.0.0.0. Using real hostname made riak to fail. > e.g. > > > > > > > > > > > > > > listener.https.internal > > > > > > > > > > > > > > = 0.0.0.0:8088 > > > > > > > > > > > > > > - Setting ssl.cacertfile to point at the > server.crt > > > > > (as > > > > > > > this > > > > > > > > > is > > > > > > > > > > a > > > > > > > > > > > > self > > > > > > > > > > > > > > signed certificate): ssl.cacertfile = > > > > > > > > > /etc/riak/certs/server.crt > > > > > > > > > > > > Note > > > > > > > > > > > > > > that I assume that this certificate is only used > for > > > > > > > > "traffic > > > > > > > > > > > vault > > > > > > > > > > > > > > https" > > > > > > > > > > > > > > connections. > > > > > > > > > > > > > > - In traffic ops, I initially set the "tcp port" > to > > > > > > "8098" > > > > > > > > and > > > > > > > > > > > > "https > > > > > > > > > > > > > > port" to "8088". When traffic ops tried to connect > > the > > > > > > > vault > > > > > > > > > it > > > > > > > > > > > did > > > > > > > > > > > > it > > > > > > > > > > > > > > via > > > > > > > > > > > > > > port "8098", so I changed the "tcp port" to "8088" > > in > > > > > > > order > > > > > > > > > for > > > > > > > > > > > > https > > > > > > > > > > > > > > to be > > > > > > > > > > > > > > used. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Validating the installation using curl -kvs " > > > > > https://admin > > > > > > > > > > > > > > :password@riakserver > > :8088/search/query/sslkeys?wt=json& > > > > > > > > > > q=cdn:mycdn" > > > > > > > > > > > > > > Produced the below output: > > > > > > > > > > > > > > < HTTP/1.1 200 OK > > > > > > > > > > > > > > < Server: MochiWeb/1.1 WebMachine/1.10.9 (cafe not > > found) > > > > > > > > > > > > > > < Date: Wed, 11 Jan 2017 12:26:07 GMT > > > > > > > > > > > > > > < Content-Type: application/json; charset=UTF-8 > > > > > > > > > > > > > > < Content-Length: 571 > > > > > > > > > > > > > > < > > > > > > > > > > > > > > {"responseHeader":{"status":0, > > > > > > "QTime":176,"params":{"shards" > > > > > > > :" > > > > > > > > > > > > > > > > vault-int.nirs-tc1.tc-dev.qwilt.com:8093/internal_solr/ > > > > > > > sslkeys > > > > > > > > > > > > > > ","q":"cdn:nirs-tc1-cdn","wt":"json"," > > > > > > > > > > > > > > vault-int.nirs-tc1.tc-dev.qwilt.com:8093 > ":"(_yz_pn:62 > > > > > AND > > > > > > > > > > > > (_yz_fpn:62)) > > > > > > > > > > > > > OR > > > > > > > > > > > > > > _yz_pn:61 OR _yz_pn:58 OR _yz_pn:55 OR _yz_pn:52 OR > > > > > > _yz_pn:49 > > > > > > > > OR > > > > > > > > > > > > > _yz_pn:46 > > > > > > > > > > > > > > OR _yz_pn:43 OR _yz_pn:40 OR _yz_pn:37 OR _yz_pn:34 > OR > > > > > > > > _yz_pn:31 > > > > > > > > > OR > > > > > > > > > > > > > > _yz_pn:28 OR _yz_pn:25 OR _yz_pn:22 OR _yz_pn:19 OR > > > > > > _yz_pn:16 > > > > > > > > OR > > > > > > > > > > > > > _yz_pn:13 > > > > > > > > > > > > > > OR _yz_pn:10 OR _yz_pn:7 OR _yz_pn:4 OR > > > > > > > > > > > _yz_pn:1"}},"response":{"numFo > > > > > > > > > > > > > > und":0,"start":0,"maxScore":0.0,"docs":[]}} > > > > > > > > > > > > > > * Connection #0 to host vault-int.nirs-tc1.tc-dev. > > > > > > qwilt.com > > > > > > > > left > > > > > > > > > > > > intact > > > > > > > > > > > > > > * Closing connection # > > > > > > > > > > > > > > > > > > > > > > > > > > > > However, when I created a delivery-service and tried > to > > > > > > > > > "generate" > > > > > > > > > > a > > > > > > > > > > > > > > certificate via traffic-ops, I got the below message: > > > > > > > > > > > > > > SSL keys for <ds> could not be created. Response > was: > > > > > > Error > > > > > > > > > > creating > > > > > > > > > > > > key > > > > > > > > > > > > > > and csr. Result is -1 > > > > > > > > > > > > > > No log message found int traffic_ops log or in the > riak > > > > > > log, > > > > > > > to > > > > > > > > > > > explain > > > > > > > > > > > > > the > > > > > > > > > > > > > > issue. > > > > > > > > > > > > > > > > > > > > > > > > > > > > When pasting a certificate (self signed, including > the > > > > > > "----" > > > > > > > > > > headers > > > > > > > > > > > > and > > > > > > > > > > > > > > footers), the operation succeed. However, when the > > > > > traffic > > > > > > > > > servers > > > > > > > > > > > > tried > > > > > > > > > > > > > to > > > > > > > > > > > > > > pull this configuration, I got the below message: > > > > > > > > > > > > > > ERROR result for > > > > > > > > > > > > > > > > http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/ > > > > > > > > > > > > > > nirs-tc1-cdn/sslkeys.json > > > > > > > > > > > > > > is: ...{"message":"No SSL certificates found for > > > > > > > > > nirs-tc1-cdn"}... > > > > > > > > > > > > > > FATAL > > > > > > > > > > > > > > > > http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/ > > > > > > > > > > > > > > nirs-tc1-cdn/sslkeys.json > > > > > > > > > > > > > > returned HTTP 404! > > > > > > > > > > > > > > > > > > > > > > > > > > > > Any idea what may cause these issues? > > > > > > > > > > > > > > Any experience in debugging similar issues? > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > Nir > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
