Solved... i´ve to set the SSLCACertificateFile to the generated ca cert... the documentation for this use case looks bad. O;-)
Regards 2017-03-15 11:15 GMT+01:00 Rene L <[email protected]>: > Hi, > > i´ve tried many setups for the configuration, but nothing works for me. > I´ve tried the playpen/certs/ example, too. My setup: > > - basic pulp installation > - set the cert/key/ca (ssl.conf) to a trusted ca (comodo) > - generate a own ca for repo auth > - create a client key/cert with the following extension and sign them > > > [pulp-repos] > > basicConstraints=CA:FALSE > > 1.3.6.1.4.1.2312.9.2.0000.1=ASN1:UTF8:yum > > 1.3.6.1.4.1.2312.9.2.0000.1.1=ASN1:UTF8:Pulp > > 1.3.6.1.4.1.2312.9.2.0000.1.2=ASN1:UTF8:pulp-repo-test > > 1.3.6.1.4.1.2312.9.2.0000.1.6=ASN1:UTF8:pulp/repos/test/ > > - enable the auth (repo_auth.conf) > - create a test repository and set the --auth-ca parameter to the > generated ca > - try to get something from the test repo > > > curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert --key > ./certs/Pulp_client.key https://%s/pulp/repos/test/ > > curl: (60) Peer's certificate issuer has been marked as not trusted by > the user. > > > curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert --key > ./certs/Pulp_client.key https://%s/pulp/repos/test/ -k > > curl: (56) Peer does not recognize and trust the CA that issued your > certificate. > > Does anyone can say me, where's my fallacy? > > Regards > > 2017-03-13 17:44 GMT+01:00 Rene L <[email protected]>: > >> Hi Guys, >> >> I want to protect some repositories, but just found this blog entry from >> 2011: >> >> http://pulpproject.org/2011/05/18/pulp-protected-repositories/ >> >> The documentation dont works for me. Did you have any other guides for >> this usecase? >> >> Kind regards >> > >
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
