Brooklyn / BROOKLYN-280

br cli fails to login to brooklyn instances with self-signed SSL certs


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.10.0
    • None

    Description

      Attempting to log into Brooklyn with a cert generated following the instructions on ops/brooklyn_properties results in the following error:

      # br login https://10.10.10.100:8443 admin mypassword
      Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate certificate for 10.10.10.100 because it doesn't contain any IP SANs
      

      Adding the IP SAN (add -ext san=IP:10.10.10.100 to the keytool invocation on JDK 1.7+) then results in:

      # br login https://10.10.10.100:8443 admin mypassword
      Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown authority
      

      I suspect we may need to be tolerant of self-signed certs without a trust chain, but do so via a flag that the user must set explicitly, for example:

      br login --trustall https://10.10.10.100 admin mypassword
      

            People

              johnmccabe John McCabe