This command will show the handshake used for HTTPS. It will show if
the server's certificate (the same one used for TLS) can be validated.
Using "openssl s_client" is a good way to start diagnosing what's
actually happening when SSL/TLS is enabled in Riak.
--
Luke Bakken
Engineer
lbak...@basho.c
Hi Luke,
I am using TLS for protocol buffer - not sure if you're thinking of HTTP only.
Thanks
-Kyle-
-Original Message-
From: Luke Bakken [mailto:lbak...@basho.com]
Sent: Tuesday, August 30, 2016 2:14 PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certif
Kyle,
I would be interested to see the output of this command run on the
same server as your Riak node:
openssl s_client -debug -connect localhost:8098
Please replace "8098" with the HTTPS port used in this configuration
setting in your /etc/riak.conf file:
listener.https.internal
--
Luke Bakk
Hi Luke,
I believe this is not the case. The Java riak-client (version 2.0.6) that I
used does validate the server's cert but is not checking the server's CN. If I
replace the getACert CA in the trustor with another unknown CA, then SSL will fail
with "unable to find valid certification path to request
Kyle -
The CN should be either the DNS-resolvable host name of the Riak node,
or its IP address (without "riak@"). Then, the Java client should be
configured to use that to connect to the node (either DNS or IP).
Without doing that, I really don't have any idea how the Java client
is validating th