All,
I've been trying to setup a secure IPS repo. I've been able
to setup the SMF service. However, when I try to communicate
with it from the client side I get the following error:
# pkg refresh
Refreshing catalog 3/3
pkg: 2/3 catalogs successfully updated:
Framework error: code: 60 reason: SSL certificate problem, verify that
the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
URL: 'https://192.168.100.10:4321/versions/0/'.
I got the publisher setup on the client by using a --debug option
of ssl_ca_file. I have the same certificate authority file placed into
/etc/certs/CA and have refreshed the svc:/system/ca-certificates:default.
The appropriate symbolic link is made within the /etc/openssl/certs
directory. If I use the same debug option on a pkg refresh things
work correctly. Clearly not desirable.
I've been trying to create a short pycurl program to reproduce
the issue and have yet to get the app to talk to the IPS repo.
Any ideas as to what is configured incorrectly? Or might this
be a bug? I can provide a script to setup the IPS repo and
certificates if that would be helpful.
Thanks,
John
$ pkg publisher install-nightly
Publisher: install-nightly
Alias:
Origin URI: https://192.168.100.10:4321/
SSL Key:
/var/pkg/ssl/c532fc0c1c8cc6ee52c2ec67f624160e61e8ab22
SSL Cert:
/var/pkg/ssl/e670fd021187f1d47791dcd133eb2b01208e6c26
Cert. Effective Date: April 20, 2012 11:52:00 AM
Cert. Expiration Date: April 20, 2013 11:52:00 AM
Client UUID: ecf32910-8d66-11e1-8356-880027dbb228
Catalog Updated: April 9, 2012 04:53:38 PM
Enabled: Yes
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
