[JIRA] (OVIRT-2052) Updated SSL Stores on resources.ovirt.org
by Anton Marchukov (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2052?page=com.atlassian.jir... ]
Anton Marchukov reassigned OVIRT-2052:
--------------------------------------
Assignee: Anton Marchukov (was: infra)
> Updated SSL Stores on resources.ovirt.org
> -----------------------------------------
>
> Key: OVIRT-2052
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2052
> Project: oVirt - virtualization made easy
> Issue Type: By-EMAIL
> Reporter: Anton Marchukov
> Assignee: Anton Marchukov
>
> resources.ovirt.org has old SSL stores and does not consider lets
> encrypt certs as valid:
> ovpn-205-70:~ amarchuk$ ssh http://resources.ovirt.org
> ssh: Could not resolve hostname http://resources.ovirt.org: nodename
> nor servname provided, or not known
> ovpn-205-70:~ amarchuk$ ssh resources.ovirt.org
> Last login: Thu May 10 14:19:17 2018 from monitoring.ovirt.org
> [amarchuk@resources02 ~]$ curl https://jenkins.ovirt.org/
> curl: (60) Peer's Certificate issuer is not recognized.
> More details here: http://curl.haxx.se/docs/sslcerts.html
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). If the default
> bundle file isn't adequate, you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
> We also have a python utility called repoman that uses the bundle
> certs inside “python-requests” library so we need to make sure it is
> updated too along with the system certs.
> We might have the same problem on other servers, e.g. on Jenkins and
> it’s slaves so might make sense to analyse the situation and extend
> this ticket.
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100085)
6 years, 7 months
[JIRA] (OVIRT-2052) Updated SSL Stores on resources.ovirt.org
by Anton Marchukov (oVirt JIRA)
Anton Marchukov created OVIRT-2052:
--------------------------------------
Summary: Updated SSL Stores on resources.ovirt.org
Key: OVIRT-2052
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2052
Project: oVirt - virtualization made easy
Issue Type: By-EMAIL
Reporter: Anton Marchukov
Assignee: infra
resources.ovirt.org has old SSL stores and does not consider lets
encrypt certs as valid:
ovpn-205-70:~ amarchuk$ ssh http://resources.ovirt.org
ssh: Could not resolve hostname http://resources.ovirt.org: nodename
nor servname provided, or not known
ovpn-205-70:~ amarchuk$ ssh resources.ovirt.org
Last login: Thu May 10 14:19:17 2018 from monitoring.ovirt.org
[amarchuk@resources02 ~]$ curl https://jenkins.ovirt.org/
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
We also have a python utility called repoman that uses the bundle
certs inside “python-requests” library so we need to make sure it is
updated too along with the system certs.
We might have the same problem on other servers, e.g. on Jenkins and
it’s slaves so might make sense to analyse the situation and extend
this ticket.
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100085)
6 years, 7 months