[ https://issues.apache.org/jira/browse/BROOKLYN-280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John McCabe reassigned BROOKLYN-280: ------------------------------------ Assignee: John McCabe > br cli fails to login to brooklyn instances with self-signed SSL certs > ---------------------------------------------------------------------- > > Key: BROOKLYN-280 > URL: https://issues.apache.org/jira/browse/BROOKLYN-280 > Project: Brooklyn > Issue Type: Bug > Reporter: John McCabe > Assignee: John McCabe > > Attempt to log into Brooklyn with a cert generated following the instructions > on {{ops/brooklyn_properties}}, results in the following error: > {code} > # br login https://10.10.10.100:8443 admin mypassword > Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate > certificate for 10.10.10.100 because it doesn't contain any IP SANs > {code} > Adding the IP SAN (add {{-ext san=IP:10.10.10.100}} to the {{keytool}} > invocation on JDK 1.7+) then results in: > {code} > # br login https://10.10.10.100:8443 admin mypassword > Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by > unknown authority > {code} > I suspect we may need to be tolerate of self-signed certs without a > trustchain, but do so via a flag that the user must set explicitly, for > example: > {code} > br login --trustall https://10.10.10.100 admin mypassword > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)