Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-26469

Issue with verifying certificate chain for query

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 4.6.4
    • 4.6.1, 4.6.3
    • ns_server
    • centos
    • Triaged
    • Unknown

    Description

      When connecting via TLS to the query service on port 18093, we cannot verify the certificate chain. This can be seen with the following -  

      [root@s61201-cnt65 ~]# openssl s_client -connect 127.0.0.1:18093 -CAfile /root/sslca/root/ca.pem 
      CONNECTED(00000003)
      depth=0 C = UA, O = My Company, CN = 172.23.123.97
      verify error:num=20:unable to get local issuer certificate
      verify return:1
      depth=0 C = UA, O = My Company, CN = 172.23.123.97
      verify error:num=27:certificate not trusted
      verify return:1
      depth=0 C = UA, O = My Company, CN = 172.23.123.97
      verify error:num=21:unable to verify the first certificate
      verify return:1
      

       

      If we try connect to 18091  

      [root@s61201-cnt65 ~]# openssl s_client -connect 127.0.0.1:18091 -CAfile /root/sslca/root/ca.pem 
      CONNECTED(00000003)
      depth=2 C = UA, O = My Company, CN = My Company Root CA
      verify return:1
      depth=1 C = UA, O = My Company, CN = My Company Intermediate CA
      verify return:1
      depth=0 C = UA, O = My Company, CN = 172.23.123.97
      verify return:1
       
      

       

      Attachments

        Issue Links

          Activity

            People

              ritam.sharma Ritam Sharma
              isha Isha Kandaswamy (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                PagerDuty