Kyle -
Verify return code: 19 (self signed certificate in certificate chain)
Since your server cert is self-signed, there's not much more that can
be done at this point I believe. My security tests use a dedicated CA
where the Root cert is available for validation
(https://github.com/basho/riak-c
nt: None
SRP username: None
Start Time: 1472681389
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
-Original Message-
From: Luke Bakken [mailto:lbak...@basho.com]
Sent: Tuesday, August 30, 2016 2:21 PM
To: Nguyen, Kyle
Cc: Riak Us
asho.com]
> Sent: Tuesday, August 30, 2016 2:14 PM
> To: Nguyen, Kyle
> Cc: Riak Users
> Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
> using Java client
>
> Kyle,
>
> I would be interested to see the output of this command run on the sam
2.1.4) certificate based authentication
using Java client
Kyle,
I would be interested to see the output of this command run on the same server
as your Riak node:
openssl s_client -debug -connect localhost:8098
Please replace "8098" with the HTTPS port used in this configuration settin
Kyle,
I would be interested to see the output of this command run on the
same server as your Riak node:
openssl s_client -debug -connect localhost:8098
Please replace "8098" with the HTTPS port used in this configuration
setting in your /etc/riak.conf file:
listener.https.internal
--
Luke Bakk
le
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Kyle -
The CN should be either the DNS-resolvable host name of the Riak node, or its
IP address (without "riak@"). Then, the Java client should be configured to use
that to co
Kyle -
The CN should be either the DNS-resolvable host name of the Riak node,
or its IP address (without "riak@"). Then, the Java client should be
configured to use that to connect to the node (either DNS or IP).
Without doing that, I really don't have any idea how the Java client
is validating th
e Bakken [mailto:lbak...@basho.com]
Sent: Monday, August 29, 2016 2:20 PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Hi Kyle -
Thanks for the info. Just so you know, setting check_clr = off means that Riak
wi
; Thanks a lot, Luke! I finally got the mutual certificate based authentication
> working by setting check_clr = off since I don't see any documentation on how
> to set this up and we might not need this feature. Another thing that I added
> to make it work is to add the correct ent
Thanks a lot, Luke! I finally got the mutual certificate based authentication
working by setting check_clr = off since I don't see any documentation on how
to set this up and we might not need this feature. Another thing that I added
to make it work is to add the correct entry for cidr.
Kyle -
What is the output of these commands?
riak-admin security print-users
riak-admin security print-sources
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#user-management
Please note that setting up certificate authentication *requires* that
you have set up SSL / TLS in Riak as
Update – Handshake was successfully after I opted out mutual authentication
option, client no longer sends its certificate to riak. However, getting the
following error after TLS is established:
*** Finished
verify_data: { 149, 140, 49, 23, 238, 152, 45, 212, 158, 44, 189, 155 }
***
%% Cached
Hi all,
>
>
>
> I was trying to implement client certificate based authentication
> following http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but
> kept getting the following SSL Handshake exception. I believe I have the
> client keystore, truststore and riak server
Hi all,
I was trying to implement client certificate based authentication following
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but kept getting the
following SSL Handshake exception. I believe I have the client keystore,
truststore and riak server cert/key setup properly. Both
Hello
If I enable basic authentication on a reverse-proxy (e.g. nginx, haproxy)
then how can I specify the username and password using java-riak-client?
com.basho.riak.client.RiakFactory.httpClient("http://username:password@localhost:8098/riak";)?
Thanks
Mark
--
View this message
riak should not be exposed to the internet, if that was
in fact the intention, read this:
http://aphyr.com/posts/224-do-not-expose-riak-to-the-internet
On Jun 4, 2012, at 10:35 PM, raghwani sohil wrote:
>
> Hi ,
>
> Is there any way to add bucket level authentication in riak ?
&g
Hi ,
Is there any way to add bucket level authentication in riak ?
suppose i have two buckets *bucket1* and *bucket2 *under same riak cluster
. I want to access bucket1 using authentication ( privately) and buckets2
publicly . Is it possible ?
If yes then how to do this and if no then is there
Nathaniel,
I'll have to go through the commit log, but I'm fairly confident that this bug
was fixed. I just tried it and am not prompted with the password. If you do a
`git log` in deps/riak_control, what's the latest commit SHA that you have?
Also, when you use 'none&#x
We're running Riak Control within a controlled VPN environment, so
we'd like to turn off basic auth completely. However, when we set auth
to "none", we still get prompted for basic auth, the only difference
is any old username and password will work. Is there any way to turn
off the prompt complete
We've solved this before a few ways (to give some concrete examples):
1. On EC2 behind an ELB (which is inherently public on the internet) we
ran HAProxy on each Riak node, proxying some other port to Riak's port 8098.
The ELB's public port was 8098, but it translated that to the port fo
you have to put something in front of riak, like haproxy, that will act as a
gateway into and out of your riak cluster. also block ports/access on your riak
node itself via a firewall or something like that.
-Alexander Sicular
@siculars
http://siculars.posterous.com
On Oct 24, 2011, at 10:54
Hi All,
I'm relatively new to Riak and just loving it. :)
I have a query about Riak that, why is there no user auth mechanisms? Is it
the part of the design or a future candidate?
Or else, how can I make a Riak based app protect files from unauthorized
access.
I searched the mailing list history,
t's network activity, access the
db and steal info. Firewalls do not help in this case since the data
store is being accessed from a legitimate source. So, database
authentication and password encryption on the client is pretty key
here.
What are people's typical approach to protecting
e the data source and
credentials by exploring the application code and it's network activity, access
the db and steal info. Firewalls do not help in this case since the data store
is being accessed from a legitimate source. So, database authentication and
password encryption on the client is
all the data in the private bucket with the shared properties copied to
the public bucket. So linking & map/reduce would refer to the private
(otherwise solo) bucket without any special cases. Does such a thing
make sense to have in Ripple? Perhaps sharing is a use case for the
upcoming trig
cookbooks to deploy Riak (maybe the
EC-2 one)
Tyler
On Sun, Apr 11, 2010 at 8:04 AM, Sean Cribbs wrote:
> As Preston says, we recommend putting a web-server in front of your Riak
> machine when you need authentication. If you're using SSL to connect, you
> could also use clie
26 matches
Mail list logo
