Skip to content
This repository has been archived by the owner on Nov 9, 2022. It is now read-only.

Bootstrap does not create new self-signed certificates #693

Closed
kford-oconnors opened this issue Nov 16, 2016 · 1 comment
Closed

Bootstrap does not create new self-signed certificates #693

kford-oconnors opened this issue Nov 16, 2016 · 1 comment
Labels
deployer enhancement help wanted
Milestone
v1.7.5

Comments

@kford-oconnors
Copy link
Contributor

Configuring an ssl certificate in ml-config.xml inserts a template but does not create a usable certificate.

When a certificate template is created via the Admin UI, MarkLogic automatically generates a self-signed CA and certificate from the template. When a new certificate template is created via the Roxy deployer, no certificate is generated; app servers using this certificate template are not usable until the certificate is generated manually.

Steps to reproduce:

  1. Include the sample ssl certificate and an HTTP server that uses it in ml-config.xml
  2. Bootstrap
  3. curl https://localhost:[app-port] > "(35) Server aborted the SSL handshake"
  4. In the Admin UI, click 'ok' on the Configure page for the new template
  5. curl now returns expected result (complaint about insecure certificate)

Our workaround is a post-bootstrap custom build step that creates the certificate using pki:generate-temporary-certificate().
@kford-oconnors kford-oconnors mentioned this issue Nov 18, 2016
Merged
@RobertSzkutak
Copy link
Contributor

Thanks for the PR @kford-oconnors !

@RobertSzkutak RobertSzkutak added this to the 1.7.5 milestone Nov 18, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
deployer enhancement help wanted
Projects
None yet
Milestone
v1.7.5
Development

No branches or pull requests
2 participants
@RobertSzkutak @kford-oconnors