[Hawkular-dev] SSL by default
Juraci Paixão Kröhling
jpkroehling at redhat.com
Tue May 31 05:59:49 EDT 2016
On 27.05.2016 19:07, Jiri Kremser wrote:
> "
> The server presented a certificate that could not be verified:
> subject: /O=Red Hat/OU=prod/CN=Intermediate Certificate Authority
> issuer: /C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat
> IT/CN=Red Hat IT Root CA/emailAddress=infosec at redhat.com
> <mailto:infosec at redhat.com>
> error code 2: unable to get issuer certificate
> "
>
> The root cause is that CA certificate has the empty issuer field. I'll
> set up my own nginx as a reverse proxy with a certificate that will pass
> the verification for now to record the VCRs for the client, but whatever
> method for creating a default certificate we choose, it needs to pass
> the if the SSL_VERIFY_PEER flag is set
> (https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_verify.html)
I'm not sure I understand the problem. Note that this is a certificate
generated by a Red Hat internal CA, so, you might need to import Red
Hat's root CA.
- Juca.
More information about the hawkular-dev
mailing list