Yeah, in confluent one thing different is, when local, try to use a unix domain socket first (which doesn't have this complication)
When it does use a TLS socket, it defaults to making the certificates management more like ssh keys than the whole x509 CAs and expiry and such. Which I think is a better fit for how TLS is usually deployed internally anyway (usually people disable all the verification to not have to fool with it, I hope the confluent approach is a good middle ground). -----Original Message----- From: Roland Schigas [mailto:rschi...@eos.ubc.ca] Sent: Wednesday, May 11, 2016 2:10 PM To: xCAT Users Mailing list Subject: Re: [xcat-user] console SSL certificate error Thanks Jarred, that did the trick! Roland On 2016-05-11 9:58 AM, Jarrod Johnson wrote: > cat ~/.consolerc > > -----Original Message----- > From: Roland Schigas [mailto:rschi...@eos.ubc.ca] > Sent: Wednesday, May 11, 2016 11:53 AM > To: xcat-user@lists.sourceforge.net > Subject: [xcat-user] console SSL certificate error > > Hi everyone, > > We recently had rpower, reventlog, psh, etc stop working due to an expired > SSL certificate, ca-cert.pem. We manually created a new one with an expiry > that matches the other certs in /etc/xcat/cert/, and everything started > working again. > > Except for rcons. It's throwing the following error: > > $ rcons node001 > console: SSLVerifyCallback(): error with certificate at depth: 1 > console: SSLVerifyCallback(): issuer = /CN=xCAT CA > console: SSLVerifyCallback(): subject = /CN=xCAT CA > console: SSLVerifyCallback(): error #10: certificate has expired > console: SSL negotiation failed > 24559:error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify > failed:s3_clnt.c:915: > > I've checked /etc/xcat/conserver.cf & it's correctly configured to use the > new certificate. Has anyone seen this before, and can you point me in the > right direction? > > FYI, we're running xCAT version 2.5.1. > > Thanks, > Roland > -- > Roland Schigas > Sys Admin, UBC Weather Forecast Research Team > +1 604-822-4760 > rschi...@eos.ubc.ca > www.eos.ubc.ca > > ---------------------------------------------------------------------- > -------- Mobile security can be enabling, not merely restricting. > Employees who bring their own devices (BYOD) to work are irked by the > imposition of MDM restrictions. Mobile Device Manager Plus allows you to > control only the apps on BYO-devices by containerizing them, leaving personal > data untouched! > https://ad.doubleclick.net/ddm/clk/304595813;131938128;j > _______________________________________________ > xCAT-user mailing list > xCAT-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xcat-user > > ---------------------------------------------------------------------- > -------- Mobile security can be enabling, not merely restricting. > Employees who bring their own devices (BYOD) to work are irked by the > imposition of MDM restrictions. Mobile Device Manager Plus allows you > to control only the apps on BYO-devices by containerizing them, > leaving personal data untouched! > https://ad.doubleclick.net/ddm/clk/304595813;131938128;j > _______________________________________________ > xCAT-user mailing list > xCAT-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xcat-user > -- Roland Schigas Sys Admin, UBC Weather Forecast Research Team +1 604-822-4760 rschi...@eos.ubc.ca www.eos.ubc.ca ------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j _______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j _______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
