Using MTLS authentication to interpolate values in PCF ruby applications #1

naavo opened this issue Oct 8, 2018 · 0 comments
naavo commented Oct 8, 2018

First of all, thanks for the gem. I understand this is a spare-time pet project, but I wanted to see if you have some insights into an issue I am seeing.

I am trying to use cred_hubble to get some of the credentials from VCAP_SERVICES by using the interpolation API. I am using the mTLS client; when I try running the corresponding code (basically during start-up) I encounter TLS issues, more precisely:

[ERR] /home/vcap/deps/0/vendor_bundle/ruby/2.4.0/gems/cred_hubble-0.1.0/lib/cred_hubble/http/client.rb:73:in `rescue in with_error_handling': SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate unknown (CredHubble::Http::SSLError)

To debug this further I SSHed into another CF (PCF) application and tried doing this:
openssl s_client -connect credhub.service.cf.internal:8844 -key $CF_INSTANCE_KEY -cert $CF_INSTANCE_CERT -CApath /etc/ssl/certs

CONNECTED(00000003)
depth=1 C = US, O = Pivotal
verify return:1
depth=0 C = US, O = Pivotal, CN = credhub.service.cf.internal
verify return:1
139728436430496:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1278:SSL alert number 46
139728436430496:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

Certificate chain
0 s:/C=US/O=Pivotal/CN=credhub.service.cf.internal
i:/C=US/O=Pivotal

Server certificate
-----BEGIN CERTIFICATE-----
** SNIPPED **
-----END CERTIFICATE-----
subject=/C=US/O=Pivotal/CN=credhub.service.cf.internal
issuer=/C=US/O=Pivotal

Acceptable client certificate CA names
/CN=Diego Instance Identity Root CA

SSL handshake has read 2399 bytes and written 1893 bytes

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES128-GCM-SHA256
Session-ID: 5BBBE0132BFD849400556CE6AF9BC6D24E126AF2B3CDE588C1E930917CB83E1B
Session-ID-ctx:
Master-Key: 9744109962207039FC17C213027CE17BAD1ABC3E34BF5B17B1218A9834341D20929794BCB49478058573AFF24511941A
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1539039251
Timeout : 300 (sec)
Verify return code: 0 (ok)

Looking around at what could cause this issue ... I see one of the issues may be with mTLS, where the certificate presented by the client to the server (CredHub) is not trusted? Is there anything that could be done from the client side?
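As an added example (not part of this issue or of the cred_hubble gem), a small Ruby check for the client-side causes of the "certificate unknown" (alert 46) seen above: it confirms the key matches the certificate, that the certificate is inside its validity window, and that its issuer is one of the CA names the server advertised under "Acceptable client certificate CA names". The CF_INSTANCE_CERT / CF_INSTANCE_KEY paths are the ones used in the s_client command above; the certificates used for the offline run are constructed in-script and are not real Diego instance identity material.

```ruby
require 'openssl'

# Client-side triage for a TLS "certificate unknown" (alert 46) from CredHub:
# the server rejected the client certificate, so check what the client controls
# before looking at server trust config: key/cert pairing, validity window, and
# whether the issuer is one of the CA names the server listed. Name matching is
# a first-pass heuristic; the server still performs full chain validation.
def diagnose_client_cert(cert_pem, key_pem, acceptable_ca_names, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  problems = []
  problems << 'private key does not match certificate' unless cert.check_private_key(key)
  problems << 'certificate not yet valid' if now < cert.not_before
  problems << 'certificate expired' if now > cert.not_after
  issuer = cert.issuer.to_s # legacy "/CN=..." form, the same form s_client prints
  unless acceptable_ca_names.include?(issuer)
    problems << "issuer #{issuer} is not among the CA names the server accepts"
  end
  problems
end

# Constructed sample data: a throwaway CA key signs a leaf cert so the check can
# run offline. This is not real Diego instance identity material.
def issue_test_cert(issuer_cn:, subject_cn:, not_before: Time.now - 60, not_after: Time.now + 3600)
  ca_key   = OpenSSL::PKey::RSA.generate(2048)
  leaf_key = OpenSSL::PKey::RSA.generate(2048)
  leaf = OpenSSL::X509::Certificate.new
  leaf.version = 2
  leaf.serial = 1
  leaf.subject = OpenSSL::X509::Name.parse("/CN=#{subject_cn}")
  leaf.issuer = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  leaf.public_key = leaf_key.public_key
  leaf.not_before = not_before
  leaf.not_after = not_after
  leaf.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  [leaf.to_pem, leaf_key.to_pem]
end

# Run directly inside a CF app container to triage the real instance identity
# credentials (same env vars the s_client command in the issue used).
if $PROGRAM_NAME == __FILE__ && ENV.key?('CF_INSTANCE_CERT') && ENV.key?('CF_INSTANCE_KEY')
  accepted = ['/CN=Diego Instance Identity Root CA'] # as advertised by the server in the issue
  problems = diagnose_client_cert(File.read(ENV['CF_INSTANCE_CERT']),
                                  File.read(ENV['CF_INSTANCE_KEY']), accepted)
  puts(problems.empty? ? 'client cert looks usable; suspect server-side trust config' : problems)
end
```

If the check comes back clean, the client cert is at least well-formed and issued by the CA the server names, which points the investigation at the server's trust store rather than the client.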
