Hi,
I have a wildcard certificate purchased in the certification center.
And I have koji with self-signed certificates and authentication by certificates.
How can I use not self-signed certificate in web interface koji? So that the browser does not complain that the certificate is self-signed.
If I set my wildcard certificate
SSLCertificateFile /etc/pki/koji/oro_cloud/wildcard.cloud.crt SSLCertificateKeyFile /etc/pki/koji/oro_cloud/wildcard.cloud.key
I get the error:
Error An error has occurred while processing your request. SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579) Traceback (most recent call last): File "/usr/share/koji-web/scripts/wsgi_publisher.py", line 368, in handle_request result = func(environ, **data) File "/usr/share/koji-web/scripts/index.py", line 241, in login if not _sslLogin(environ, session, username): File "/usr/share/koji-web/scripts/index.py", line 126, in _sslLogin proxyuser=username) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2312, in ssl_login sinfo = self.callMethod('sslLogin', proxyuser) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2360, in callMethod return self._callMethod(name, args, opts) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2478, in _callMethod return self._sendCall(handler, headers, request) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2391, in _sendCall return self._sendOneCall(handler, headers, request) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2436, in _sendOneCall r = self.rsession.post(handler, **callopts) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 507, in post return self.request('POST', url, data=data, json=json, **kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send raise SSLError(e, request=request) SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
Thank you!
On Tue, Feb 27, 2018 at 1:43 PM, Viacheslav Dubrovskyi dubrsl@gmail.com wrote:
Hi,
I have a wildcard certificate purchased in the certification center.
And I have koji with self-signed certificates and authentication by certificates.
How can I use not self-signed certificate in web interface koji? So that the browser does not complain that the certificate is self-signed.
If I set my wildcard certificate
SSLCertificateFile /etc/pki/koji/oro_cloud/wildcard.cloud.crt SSLCertificateKeyFile /etc/pki/koji/oro_cloud/wildcard.cloud.key
The SSLCertificateFile needs to be a cert with the intermediate certificates prepended to it.
Something like this:
$ cat cert-provider-bundle.crt wildcard.cloud.crt > bundle-wildcard.cloud.crt
28.02.2018 04:24, Neal Gompa пишет:
On Tue, Feb 27, 2018 at 1:43 PM, Viacheslav Dubrovskyi dubrsl@gmail.com wrote:
Hi,
I have a wildcard certificate purchased in the certification center.
And I have koji with self-signed certificates and authentication by certificates.
How can I use not self-signed certificate in web interface koji? So that the browser does not complain that the certificate is self-signed.
If I set my wildcard certificate
SSLCertificateFile /etc/pki/koji/oro_cloud/wildcard.cloud.crt SSLCertificateKeyFile /etc/pki/koji/oro_cloud/wildcard.cloud.key
The SSLCertificateFile needs to be a cert with the intermediate certificates prepended to it.
Something like this:
$ cat cert-provider-bundle.crt wildcard.cloud.crt > bundle-wildcard.cloud.crt
I tried, but it doesn't help. Apache see only first certificate in file.
buildsys@lists.fedoraproject.org