Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-35254

couchbase-cli does not work with secure connection and CA verification

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 6.0.3, 6.5.0
    • 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0.0, 6.0.1, 6.0.2, 6.5.0
    • tools
    • Ubuntu 18,04
    • Triaged
    • Ubuntu 64-bit
    • No

    Description

      Steps to reproduce.

      • Install Couchbase server 6.5.0-3810 on a 3 nodes in AWS
      • Create a cluster of 3 nodes.
      • Tear down 3 nodes to single node
      • Generate cert from a node
      • Use that cert to connect to list alternate address on that node, failed to connect. 

        root@ip-172-31-11-63:~# /opt/couchbase/bin/couchbase-cli ssl-manage -c ec2-54-64.us-west-2.compute.amazonaws.com:8091 -u Administrator -p password --cluster-cert-info > /root/cert.pem
        		 
        root@ip-172-31-11-63:~# ls -lh
        		 
        total 8.0K
        		 
        -rw-r--r-- 1 root root 1.1K Jul 24 07:04 cert.pem
        		 
        drwxr-xr-x 3 root root 4.0K Jul 15 23:06 snap
        		 
        root@ip-172-31-11-63:~# /opt/couchbase/bin/couchbase-cli setting-alternate-address -c https://ec2-54-64.us-west-2.compute.amazonaws.com:18091 --username Administrator --password password --cacert /root/cert.pem --list
        		 
        ERROR: Unable to connect with the given CA certificate
        		 
        root@ip-172-31-11-63:~#  /opt/couchbase/bin/couchbase-cli setting-alternate-address -c https://ec2-54-64.us-west-2.compute.amazonaws.com:18091 --username Administrator --password password --cacert /root/cert.pem --list -d
        		 
        GET https://ec2-54-64.us-west-2.compute.amazonaws.com:18091/pools
        		 
        GET https://ec2-54-64.us-west-2.compute.amazonaws.com:18091/pools/default/nodeServices
        		 
        ERROR: Unable to connect with the given CA certificate
        		 
        root@ip-172-31-11-63:~# cat /etc/issue
        		 
        Ubuntu 18.04.2 LTS \n \l
        		 
        root@ip-172-31-11-63:~# more /opt/couchbase/VERSION.txt 
        6.5.0-3810
        		 
        root@ip-172-31-11-63:~#

        I try with internal IP, it does not work either.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. MB-36316 couchbase-cli does not work with secure connection and CA verification

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MB-35279 improve logging around ssl errors

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              pvarley Patrick Varley (Inactive)
              thuan Thuan Nguyen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty