I'm all squared away now with my certs. I CC'ed Gavin since he was having
similar issues with a similar intermediary setup. Here are some notes that may
help others, and one of them seems like a bug in verify_cert, or at least a bug
with my setup.
I had to create a chain cert for
On 10/28/2014 12:32 AM, Gavin Jones wrote:
ConnectionException: (None, 'tlsv1 alert unknown ca', None)
Any more ideas?
This error means your server is signed by an untrusted CA (or is self
signed). You have two (possibly three) choices:
1) Sign the httpd process' SSL certificates with a
On 10/28/2014 09:04 AM, Ashby, Jason (IMS) wrote:
Add your root and intermediary CAs to the system CA bundle (copy ca-bundle.crt
out to all consumers too):
openssl x509 -in /etc/pki/pulp_certs/rootca.crt -text
/etc/pki/tls/certs/ca-bundle.crt
openssl x509 -in /etc/pki/pulp_certs/pulpca.crt
On 10/28/2014 09:04 AM, Ashby, Jason (IMS) wrote:
ssl_ca_certificate: /etc/pki/pulp_certs/pulpca_chain.crt
This setting is used as a CA to add to consumer yum repo configs. If you
use a trusted CA certificate in httpd's ssl.conf (recommended), you
don't need this. Also, this does not need to be
Yes, that's very helpful. Didn't know that existed. I've been re-adding my CA
to it after OS updates myself, but this is much better.
On Oct 28, 2014, at 10:20 AM, Randy Barlow rbar...@redhat.com wrote:
On 10/28/2014 09:04 AM, Ashby, Jason (IMS) wrote:
Add your root and intermediary CAs to
Hey Jason,
Thanks for the info. I am still a big-time newbie on
understanding intermediary SSL etc.
If I am understanding correctly, on the Pulp host I would have to create my
own root CA with instructions like this:
Pulp 2.5.0-0.14 has been published to the beta repositories. Here is the
changelog:
- 1153344 - verify_ssl default to true. (rbar...@redhat.com)
- 1153344 - Support Mongo SSL on the result backend. (rbar...@redhat.com)
The Jenkins test infrastructure was failing. I was unable to test this
I’m no expert here either, but this is how I understand intermediary SSL
certificates, so someone correct me if this is misleading!!
Essentially, there is only one root CA for your organization. In this case,
your root CA cert is the one you’ve set up with Microsoft Active Directory
Jason, thanks for your explanation. Things are kind of clicking; let me
rebuild and rewrite out my instructions and I will have another go.
Either way, thanks for your explanations and effort on this.
On Wed, Oct 29, 2014 at 12:27 PM, Ashby, Jason (IMS) ash...@imsweb.com
wrote:
I’m no expert here