Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Attempt to log into Brooklyn with a cert generated following the instructions on ops/brooklyn_properties, results in the following error:
# br login https://10.10.10.100:8443 admin mypassword Get https://10.10.10.100:8443/v1/server/version: x509: cannot validate certificate for 10.10.10.100 because it doesn't contain any IP SANs
Adding the IP SAN (add -ext san=IP:10.10.10.100 to the keytool invocation on JDK 1.7+) then results in:
# br login https://10.10.10.100:8443 admin mypassword Get https://10.10.10.100:8443/v1/server/version: x509: certificate signed by unknown authority
I suspect we may need to be tolerate of self-signed certs without a trustchain, but do so via a flag that the user must set explicitly, for example:
br login --trustall https://10.10.10.100 admin mypassword
Attachments
Issue Links
- links to