[
https://issues.apache.org/jira/browse/BROOKLYN-280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
John McCabe reassigned BROOKLYN-280:
------------------------------------
Assignee: John McCabe
> br cli fails to login to brooklyn instances with self-signed SSL certs
> ----------------------------------------------------------------------
>
> Key: BROOKLYN-280
> URL: https://issues.apache.org/jira/browse/BROOKLYN-280
> Project: Brooklyn
> Issue Type: Bug
> Reporter: John McCabe
> Assignee: John McCabe
>
> Attempt to log into Brooklyn with a cert generated following the instructions
> on {{ops/brooklyn_properties}}, results in the following error:
> {code}
> # br login https://10.10.10.100:8443 admin mypassword
> Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate
> certificate for 10.10.10.100 because it doesn't contain any IP SANs
> {code}
> Adding the IP SAN (add {{-ext san=IP:10.10.10.100}} to the {{keytool}}
> invocation on JDK 1.7+) then results in:
> {code}
> # br login https://10.10.10.100:8443 admin mypassword
> Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by
> unknown authority
> {code}
> I suspect we may need to be tolerate of self-signed certs without a
> trustchain, but do so via a flag that the user must set explicitly, for
> example:
> {code}
> br login --trustall https://10.10.10.100 admin mypassword
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
