Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad certificate error #3

Open
niraj8241 opened this issue Mar 24, 2016 · 2 comments
Open

Bad certificate error #3

niraj8241 opened this issue Mar 24, 2016 · 2 comments

Comments

@niraj8241
Copy link

Hi,

I have an etcd cluster with 2 nodes and it works over https and with certificate authentication. I have legitimate certs, keys and ca-certificates from symantec. I can use the URL from postman and even via browser and it works fine without any issues. But when i use etcd-viewer with the latest version of it, i recieve the following error when connecting.

Note:- I have imported the certs in java trust store.

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://etcd.xxxx.com:2379/version: Received fatal alert: bad_certificate
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1365)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1349)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:652)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:624)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1100)
@nikfoundas
Copy link
Owner

Hi @niraj8241,

In this issue: #1 I had provided some instructions about how to import certificates as described in the etcd documentation here documentation .

Have you followed these instructions?

Can you provide some further information regarding these certificates (types) in order to perform some tests myself? What is the etcd version that you use? Do you build etcd viewer from source or do you use the docker based distribution?

Thank you in advance,
Nikos

PS: I also have to check the latest etcd security documetation and cross check the instructions I had assembled.

@niraj8241
Copy link
Author

Hi @nikfoundas yes i followed the guidelines in issue #1 and still get a bad certificate error.

Below are the information you requested:

ubuntu@etcd-cluster-1:~$ etcd --version
etcd Version: 2.3.0-alpha.0+git
Git SHA: 40d3e0d
Go Version: go1.5.3
Go OS/Arch: linux/amd64

I installed etcd from source. The certificates are verisign certificates signed by a legitimate CA.

Thanks in advance,
Niraj

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nikfoundas @niraj8241