Description
When connecting via TLS to the query service on port 18093, we cannot verify the certificate chain. This can be seen with the following -
[root@s61201-cnt65 ~]# openssl s_client -connect 127.0.0.1:18093 -CAfile /root/sslca/root/ca.pem |
CONNECTED(00000003) |
depth=0 C = UA, O = My Company, CN = 172.23.123.97 |
verify error:num=20:unable to get local issuer certificate |
verify return:1 |
depth=0 C = UA, O = My Company, CN = 172.23.123.97 |
verify error:num=27:certificate not trusted |
verify return:1 |
depth=0 C = UA, O = My Company, CN = 172.23.123.97 |
verify error:num=21:unable to verify the first certificate |
verify return:1 |
If we try connect to 18091
[root@s61201-cnt65 ~]# openssl s_client -connect 127.0.0.1:18091 -CAfile /root/sslca/root/ca.pem |
CONNECTED(00000003) |
depth=2 C = UA, O = My Company, CN = My Company Root CA |
verify return:1 |
depth=1 C = UA, O = My Company, CN = My Company Intermediate CA |
verify return:1 |
depth=0 C = UA, O = My Company, CN = 172.23.123.97 |
verify return:1 |
|
—
Attachments
Issue Links
- relates to
-
MB-26604 CLONE - Issue with verifying certificate chain for query
-
- Closed
-