[JIRA] (JENKINS-38829) "Kubernetes server certificate key" not working
Title: Message Title
akostadinov edited a comment on JENKINS-38829
Re: "Kubernetes server certificate key" not working
Hello again. Looking at your test cases I understood and tested what the issue is. The certificate you test with is actually a PEM encoded cert but then base64 encoded. I think that it makes more sense to ask from user simply a PEM cert and base64 encode it upon passing to the kubernetes API. Also your new help text also indicates normal PEM encoding is needed while I could make it work only after additionally base64 encoding it.i.e. I'd expect that I need to put this in the field this:{CODE}-BEGIN CERTIFICATE-MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE0NzU4NzkyMDYwHhcNMTYxMDA3MjIyNjQ2WhcNMjExMDA2MjIyNjQ3WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE0NzU4NzkyMDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8e9H5mVf6T0VYzG3cUkXkUSArFStbZs1XQ0mOqM25DK/wPJ464NHcYBRlgnONqdvlwu/sMHTw9cIelWi9peAgK5EcoDrp5spXwY/NSjmBtEV2+w+3FvvjZQhGhde79vafTiRAfCBJVvhZC6DwGzH6c7axTNjF82WjQ1G5lv4pXpanj4zKpX4DCchuE1zet2UmDkDtl1vcho/eiTc737BgrXOCau3LbTtFlw2Cg1gzk5YlWTzB1DaprP/55+Ks6dUKKX7WsSALErv6Sj0RW1//CQ6OqtACznyYjXRHH9zLBys7YV27gfvyqujdV8Obk66sI+kT9Pf8jW02GVUt//9RAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC7OhnypzgmpBN62GgDbFZTsFSmvxJHNjKeZfDJr1i/r2oZa/0SZ5Q2N7B5wJegA6mcjYD0p7i9++mRL5niwX2yIWSpMMcB1plDXMwraZyn0VqYuXlOYYEQNsOOXcmGnIkRxMwEnqDVS6WSMDh0kRcLrWjockpErGlwSr60WLLUf2rDrW3MNI6cMMY//XQyHjGl0s7YWj1hjprsQWUGcCz7GGBxYYGbE4KGUWSx2gnCloxwC7ZOtxzSdKyNiY+uI9qxWiIxtezilH7CHlr3z/nWR+IKr+MB2ZGFbsZ//igS1nnokPW40Ipo23cchopITlDVVusdlHVUELTeNn9Svvzk-END CERTIFICATE-{CODE}But I had to put this instead:{ CODE code }LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVNRd0lnWURWUVFEREJ0dmNHVnUKYzJocFpuUXRjMmxuYm1WeVFERTBOelU0TnpreU1EWXdIaGNOTVRZeE1EQTNNakl5TmpRMldoY05NakV4TURBMgpNakl5TmpRM1dqQW1NU1F3SWdZRFZRUUREQnR2Y0dWdWMyaHBablF0YzJsbmJtVnlRREUwTnpVNE56a3lNRFl3CmdnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUM4ZTlINW1WZjZUMFZZekczY1VrWGsKVVNBckZTdGJaczFYUTBtT3FNMjVESy93UEo0NjROSGNZQlJsZ25PTnFkdmx3dS9zTUhUdzljSWVsV2k5cGVBZwpLNUVjb0RycDVzcFh3WS9OU2ptQnRFVjIrdyszRnZ2alpRaEdoZGU3OXZhZlRpUkFmQ0JKVnZoWkM2RHdHekg2CmM3YXhUTmpGODJXalExRzVsdjRwWHBhbmo0ektwWDREQ2NodUUxemV0MlVtRGtEdGwxdmNoby9laVRjNzM3QmcKclhPQ2F1M0xiVHRGbHcyQ2cxZ3prNVlsV1R6QjFEYXByUC81NStLczZkVUtLWDdXc1NBTEVydjZTajBSVzEvLwpDUTZPcXRBQ3pueVlqWFJISDl6TEJ5czdZVjI3Z2Z2eXF1amRWOE9iazY2c0kra1Q5UGY4alcwMkdWVXQvLzlSCkFnTUJBQUdqSXpBaE1BNEdBMVVkRHdFQi93UUVBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQzdPaG55cHpnbXBCTjYyR2dEYkZaVHNGU212eEpITmpLZVpmREpyMWkvcjJvWgphLzBTWjVRMk43QjV3SmVnQTZtY2pZRDBwN2k5KyttUkw1bml3WDJ5SVdTcE1NY0IxcGxEWE13cmFaeW4wVnFZCnVYbE9ZWUVRTnNPT1hjbUduSWtSeE13RW5xRFZTNldTTURoMGtSY0xyV2pvY2twRXJHbHdTcjYwV0xMVWYyckQKclczTU5JNmNNTVkvL1hReUhqR2wwczdZV2oxaGpwcnNRV1VHY0N6N0dHQnhZWUdiRTRLR1VXU3gyZ25DbG94dwpDN1pPdHh6U2RLeU5pWSt1STlxeFdpSXh0ZXppbEg3Q0hscjN6L25XUitJS3IrTUIyWkdGYnNaLy9pZ1Mxbm5vCmtQVzQwSXBvMjNjY2hvcElUbERWVnVzZGxIVlVFTFRlTm45U3Z2emsKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo={code}
[JIRA] (JENKINS-38829) "Kubernetes server certificate key" not working
Title: Message Title akostadinov commented on JENKINS-38829 Re: "Kubernetes server certificate key" not working Hello again. Looking at your test cases I understood and tested what the issue is. The certificate you test with is actually a PEM encoded cert but then base64 encoded. I think that it makes more sense to ask from user simply a PEM cert and base64 encode it upon passing to the kubernetes API. Also your new help text also indicates normal PEM encoding is needed while I could make it work only after additionally base64 encoding it. i.e. I'd expect that I need to put this in the field this: -BEGIN CERTIFICATE- MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu c2hpZnQtc2lnbmVyQDE0NzU4NzkyMDYwHhcNMTYxMDA3MjIyNjQ2WhcNMjExMDA2 MjIyNjQ3WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE0NzU4NzkyMDYw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8e9H5mVf6T0VYzG3cUkXk USArFStbZs1XQ0mOqM25DK/wPJ464NHcYBRlgnONqdvlwu/sMHTw9cIelWi9peAg K5EcoDrp5spXwY/NSjmBtEV2+w+3FvvjZQhGhde79vafTiRAfCBJVvhZC6DwGzH6 c7axTNjF82WjQ1G5lv4pXpanj4zKpX4DCchuE1zet2UmDkDtl1vcho/eiTc737Bg rXOCau3LbTtFlw2Cg1gzk5YlWTzB1DaprP/55+Ks6dUKKX7WsSALErv6Sj0RW1// CQ6OqtACznyYjXRHH9zLBys7YV27gfvyqujdV8Obk66sI+kT9Pf8jW02GVUt//9R AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG SIb3DQEBCwUAA4IBAQC7OhnypzgmpBN62GgDbFZTsFSmvxJHNjKeZfDJr1i/r2oZ a/0SZ5Q2N7B5wJegA6mcjYD0p7i9++mRL5niwX2yIWSpMMcB1plDXMwraZyn0VqY uXlOYYEQNsOOXcmGnIkRxMwEnqDVS6WSMDh0kRcLrWjockpErGlwSr60WLLUf2rD rW3MNI6cMMY//XQyHjGl0s7YWj1hjprsQWUGcCz7GGBxYYGbE4KGUWSx2gnCloxw C7ZOtxzSdKyNiY+uI9qxWiIxtezilH7CHlr3z/nWR+IKr+MB2ZGFbsZ//igS1nno kPW40Ipo23cchopITlDVVusdlHVUELTeNn9Svvzk -END CERTIFICATE- But I had to put this instead: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVNRd0lnWURWUVFEREJ0dmNHVnUKYzJocFpuUXRjMmxuYm1WeVFERTBOelU0TnpreU1EWXdIaGNOTVRZeE1EQTNNakl5TmpRMldoY05NakV4TURBMgpNakl5TmpRM1dqQW1NU1F3SWdZRFZRUUREQnR2Y0dWdWMyaHBablF0YzJsbmJtVnlRREUwTnpVNE56a3lNRFl3CmdnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUM4ZTlINW1WZjZUMFZZekczY1VrWGsKVVNBckZTdGJaczFYUTBtT3FNMjVESy93UEo0NjROSGNZQlJsZ25PTnFkdmx3dS9zTUhUdzljSWVsV2k5cGVBZwpLNUVjb0RycDVzcFh3WS9OU2ptQnRFVjIrdyszRnZ2alpRaEdoZGU3OXZhZlRpUkFmQ0JKVnZoWkM2RHdHekg2CmM3YXhUTmpGODJXalExRzVsdjRwWHBhbmo0ektwWDREQ2NodUUxemV0MlVtRGtEdGwxdmNoby9laVRjNzM3QmcKclhPQ2F1M0xiVHRGbHcyQ2cxZ3prNVlsV1R6QjFEYXByUC81NStLczZkVUtLWDdXc1NBTEVydjZTajBSVzEvLwpDUTZPcXRBQ3pueVlqWFJISDl6TEJ5czdZVjI3Z2Z2eXF1amRWOE9iazY2c0kra1Q5UGY4alcwMkdWVXQvLzlSCkFnTUJBQUdqSXpBaE1BNEdBMVVkRHdFQi93UUVBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQzdPaG55cHpnbXBCTjYyR2dEYkZaVHNGU212eEpITmpLZVpmREpyMWkvcjJvWgphLzBTWjVRMk43QjV3SmVnQTZtY2pZRDBwN2k5KyttUkw1bml3WDJ5SVdTcE1NY0IxcGxEWE13cmFaeW4wVnFZCnVYbE9ZWUVRTnNPT1hjbUduSWtSeE13RW5xRFZTNldTTURoMGtSY0xyV2pvY2twRXJHbHdTcjYwV0xMVWYyckQKclczTU5JNmNNTVkvL1hReUhqR2wwczdZV2oxaGpwcnNRV1VHY0N6N0dHQnhZWUdiRTRLR1VXU3gyZ25DbG94dwpDN1pPdHh6U2RLeU5pWSt1STlxeFdpSXh0ZXppbEg3Q0hscjN6L25XUitJS3IrTUIyWkdGYnNaLy9pZ1Mxbm5vCmtQVzQwSXBvMjNjY2hvcElUbERWVnVzZGxIVlVF
[JIRA] (JENKINS-38829) "Kubernetes server certificate key" not working
Title: Message Title Carlos Sanchez commented on JENKINS-38829 Re: "Kubernetes server certificate key" not working This is supposed to be a X509 PEM encoded certificate. I have added some help text. You can see some tests in the fabric8 API https://github.com/fabric8io/kubernetes-client/blob/53471cdcfd04dce22026991d260c414e48934e23/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/UntrustedCertTest.java#L48 Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-38829) "Kubernetes server certificate key" not working
Title: Message Title akostadinov created an issue Jenkins / JENKINS-38829 "Kubernetes server certificate key" not working Issue Type: Bug Assignee: Carlos Sanchez Components: kubernetes-plugin Created: 2016/Oct/07 8:18 PM Priority: Critical Reporter: akostadinov In JENKINS-29213 a parameter has been added "Kubernetes server certificate key". It has no help but looking at the relevant commit I see it should read PEM formatted server certificate. This doesn't appear to work for me. Jenkins server doesn't use a self-signed certificate, it uses a corporate internal CA thus I put into the field the server certificate and it's CAs. This doesn't work. I tried changing order of certificates to no avail. I think help needs to be added about format and order of certificates so that they can work. Full backtrace: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at
