Yes, you are a step further now that TLS is spoken. However, I would suggest first getting your test working locally on the lxd server, since my homebrew OSX curl has further restrictions. You can only use certificates that are in the keychain:

* WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure Transport. The private key must be in the Keychain.
* WARNING: SSL: Certificate type not set, assuming PKCS#12 format.

When trying your example on my lxd server, I do the following steps (as root user).

# cd /root/.config/lxc
# ls
client.crt client.key config.yml servercerts

Now, if you don't have these files, you can get them by doing the following:

# lxc remote add lxc-org images.linuxcontainers.org

This should also initialise the local client certificate if it does not exist. Then:

# lxc config trust add client.crt
# lxc config trust list

This should list the fingerprint. And it should work:

# curl --key client.key --cert client.crt -v -k https://localhost:8443/1.0/images

(do not use the -s option as it will suppress the output)

2015-05-23 7:53 GMT+02:00 Kevin LaTona <[email protected]>:

>
> On May 22, 2015, at 10:33 PM, Kevin LaTona <[email protected]> wrote:
>
> Ok, but you are testing with a curl that does not support TLS. That is why
> you cannot connect to that particular LXD instance. Depending on the OS and
> distribution, other LXD instances may still support SSL.
>
>
> I did a quick upgrade of curl to 7.42.1
>
> Now when I try it
>
> /usr/local/Cellar/curl/7.42.1/bin/curl -s --cert server.crt --key
> server.key -k https://192.168.0.50:8443/1.0/images
>
> I know I don't want to mess with Apple's install of Curl for now.
>
>
> I get ………… curl: (35) SSL peer handshake failed, the server most likely
> requires a client certificate to connect
>
> So maybe I am getting closer and something is off with the cert I just
> made.
>
>
> Would be nice to know what version of LXD is running at
> linuxcontainers.org
>
> It sure might help saving lots of time chasing after another avenue that
> in the end may or may not solve problem.
>
> -Kevin
>
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
