Description
Build
5.5.0-2126
Please note that neither of the following work in client-cert mandatory mode.
$ curl -v --cacert /tmp/newcerts77/root.crt --cert-type PEM --cert /tmp/newcerts77/172.23.108.222.pem --key-type PEM --key /tmp/newcerts77/172.23.108.222.key -d name=C2 -d hostname=172.23.106.176:8091 -d username=Administrator -d password=password -d demandEncryption=1 --data-urlencode "certificate=$(cat cert.pem)" -X POST https://172.23.106.139:18091/pools/default/remoteClusters |
|
* About to connect() to 172.23.106.139 port 18091 (#0) |
* Trying 172.23.106.139... |
* Connected to 172.23.106.139 (172.23.106.139) port 18091 (#0) |
* Initializing NSS with certpath: sql:/etc/pki/nssdb
|
* CAfile: /tmp/newcerts77/root.crt
|
CApath: none
|
* NSS: client certificate from file
|
* subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA
|
* start date: Mar 14 05:12:48 2018 GMT |
* expire date: Mar 14 05:12:48 2019 GMT |
* common name: www.cb-cbadminbucket.com
|
* issuer: CN=My Company Intermediate CA,O=My Company,C=UA
|
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
* Server certificate:
|
* subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA
|
* start date: Mar 14 05:12:48 2018 GMT |
* expire date: Jan 08 05:12:48 2019 GMT |
* common name: www.cb-cbadminbucket.com
|
* issuer: CN=My Company Intermediate CA,O=My Company,C=UA
|
> POST /pools/default/remoteClusters HTTP/1.1 |
> User-Agent: curl/7.29.0 |
> Host: 172.23.106.139:18091 |
> Accept: */*
|
> Content-Length: 1027 |
> Content-Type: application/x-www-form-urlencoded
|
> Expect: 100-continue |
>
|
< HTTP/1.1 100 Continue |
< HTTP/1.1 500 Internal Server Error |
< X-XSS-Protection: 1; mode=block |
< X-Permitted-Cross-Domain-Policies: none
|
< X-Frame-Options: DENY
|
< X-Content-Type-Options: nosniff
|
< Server: Couchbase Server
|
< Pragma: no-cache
|
< Expires: Thu, 01 Jan 1970 00:00:00 GMT |
< Date: Wed, 14 Mar 2018 06:07:42 GMT |
< Content-Type: text/plain; charset=utf-8 |
< Content-Length: 42 |
< Connection: close
|
< Cache-Control: no-cache,no-store,must-revalidate
|
<
|
Request doesn't have a client certificate
|
|
curl -v -X POST --cacert /tmp/newcerts77/root.crt --cert /tmp/newcerts77/172.23.108.222.pem --key /tmp/newcerts77/172.23.108.222.key -d name=C2 -d hostname=172.23.106.176:8091 -d username=Administrator -d password=password -d demandEncryption=1 --data-urlencode "certificate=$(cat cert.pem)" https://Administrator:password@172.23.106.139:18091/pools/default/remoteClusters |
* About to connect() to 172.23.106.139 port 18091 (#0) |
* Trying 172.23.106.139... |
* Connected to 172.23.106.139 (172.23.106.139) port 18091 (#0) |
* Initializing NSS with certpath: sql:/etc/pki/nssdb
|
* CAfile: /tmp/newcerts77/root.crt
|
CApath: none
|
* NSS: client certificate from file
|
* subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA
|
* start date: Mar 14 05:12:48 2018 GMT |
* expire date: Mar 14 05:12:48 2019 GMT |
* common name: www.cb-cbadminbucket.com
|
* issuer: CN=My Company Intermediate CA,O=My Company,C=UA
|
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
|
* Server certificate:
|
* subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA
|
* start date: Mar 14 05:12:48 2018 GMT |
* expire date: Jan 08 05:12:48 2019 GMT |
* common name: www.cb-cbadminbucket.com
|
* issuer: CN=My Company Intermediate CA,O=My Company,C=UA
|
* Server auth using Basic with user 'Administrator' |
> POST /pools/default/remoteClusters HTTP/1.1 |
> Authorization: Basic QWRtaW5pc3RyYXRvcjpwYXNzd29yZA==
|
> User-Agent: curl/7.29.0 |
> Host: 172.23.106.139:18091 |
> Accept: */*
|
> Content-Length: 1027 |
> Content-Type: application/x-www-form-urlencoded
|
> Expect: 100-continue |
>
|
< HTTP/1.1 100 Continue |
< HTTP/1.1 500 Internal Server Error |
< X-XSS-Protection: 1; mode=block |
< X-Permitted-Cross-Domain-Policies: none
|
< X-Frame-Options: DENY
|
< X-Content-Type-Options: nosniff
|
< Server: Couchbase Server
|
< Pragma: no-cache
|
< Expires: Thu, 01 Jan 1970 00:00:00 GMT |
< Date: Wed, 14 Mar 2018 06:04:46 GMT |
< Content-Type: text/plain; charset=utf-8 |
< Content-Length: 42 |
< Connection: close
|
< Cache-Control: no-cache,no-store,must-revalidate
|
<
|
Request doesn't have a client certificate
|
* Closing connection 0 |
|
However in disable mode, I'm able to create the remote cluster reference.
Source cluster - https://s3.amazonaws.com/cb-engineering/Aruna/collectinfo-2018-03-14T065055-ns_1%40127.0.0.1.zip
Target cluster - https://s3.amazonaws.com/cb-engineering/Aruna/collectinfo-2018-03-14T065114-ns_1%40127.0.0.1.zip