Hi Josh, thanks for the feedback!
I didn't quite do what you did but I did use OpenSSL to pull the cert and I
put a copy in the path you indicated and I ran the c_rehash command so I
get the link in the cert folder. I don't think it's publishing the full
chain.
When I run the command you provided it does display the Cert and details
but it times out and displays:
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
Kevin
On Wed., Dec. 11, 2019, 8:14 p.m. Josh Cooper, <j...@puppet.com> wrote:
>
>
> On Wed, Dec 11, 2019 at 1:35 PM Kevin C <kevlarmay1...@gmail.com> wrote:
>
>> I am trying to source a file from our Artifactory which using https, but
>> it fails due to cert issues:
>>
>> SSL_connect returned=1 errno=0 state=error: certificate verify failed
>>
>> I found some discussions on this issue here
>> https://tickets.puppetlabs.com/browse/PUP-7814 but adding the cert to
>> the cert.pem or creating a file in /opt/puppetlabs/puppet/ssl/certs and
>> running the c_hash command did not work either.
>>
>> Any suggestions?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/78a78f59-712d-40d0-9553-fef672231e86%40googlegroups.com
>> <https://groups.google.com/d/msgid/puppet-users/78a78f59-712d-40d0-9553-fef672231e86%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
> Is artifactory's cert issued by an intermediate CA? Is artifactory
> configured to provide the entire cert chain (equivalent to
> SSLCertificateChainFile in Apache)?
>
> Can you connect using the openssl binary in the puppet-agent package?
>
> /opt/puppetlabs/puppet/bin/openssl s_client -CApath
> /opt/puppetlabs/puppet/ssl/certs -connect artifactory.example.com:443
>
> Did you run /opt/puppetlabs/puppet/bin/c_rehash or the one in system
> openssl?
>
> Josh
> --
> Josh Cooper | Software Engineer
> j...@puppet.com | @coopjn
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/DfYkZCbTyqk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CA%2Bu97ukFSuuy7eeCENKmfh0nhzoXKmPMw%3DQSTo3Ywk1CrOsiog%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CA%2Bu97ukFSuuy7eeCENKmfh0nhzoXKmPMw%3DQSTo3Ywk1CrOsiog%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAB%2BSi9_yLxaWmRgCG%3DGBH1XLWXMRRup2r%3DLOmq56EiHMzPA_wg%40mail.gmail.com.
