TLS with client certificate for external link is not working.

Description

Steps to reproduce-

1. Create 2 clusters: a local cluster with a cbas node and a remote cluster with a KV node.

2. Generate root, node and client certificates for both clusters.

3. Create a link to the remote cluster with full encryption, the remote cluster root cert, client cert and client key.

4. Link creation failed.

Have verified that the certificates that were created are working.

Have also verified that the above API endpoint does not work without authentication:

Attaching all the certificates that I generated.

Node certificates -
10.112.200.104.csr, 10.112.200.104.key, 10.112.200.104.pem

Client certificates -
172.16.1.174.csr, 172.16.1.174.key, 172.16.1.174.pem

Root certificates -
ca.key, ca.pem

Intermediate certificates -
int.csr, int.key, int.pem, intermediateCA.srl

Other certificates -
long_chain10.112.200.104.pem, long_chain172.16.1.174.pem, root.crt, rootCA.srl

Components

Affects versions

Fix versions

Environment

Couchbase Server version 6.6.0-7861

Link to Log File, atop/blg, CBCollectInfo, Core dump

https://cb-jira.s3.us-east-2.amazonaws.com/logs/MB40358/create_link

Release Notes Description

None

Attachments

2

Activity

CB robot May 11, 2021 at 8:16 AM

Build couchbase-server-6.6.2-9599 contains cbas-core commit 36fe8fa with commit message:
: use intermediate certificate authority

CB robot July 19, 2020 at 11:17 PM

Build couchbase-server-7.0.0-2640 contains cbas-core commit 36fe8fa with commit message:
: use intermediate certificate authority

CB robot July 17, 2020 at 12:55 AM

Build couchbase-server-6.6.0-7885 contains cbas-core commit 36fe8fa with commit message:
: use intermediate certificate authority

Umang Agrawal July 15, 2020 at 9:48 AM

After appending the intermediate cert to the client cert, link creation is working as expected.
Verified with Couchbase Server build 6.6.0-7878.

Ritam Sharma July 15, 2020 at 2:40 AM
Edited

= long_chain172.16.1.174.pem - this is the chain cert for

/tmp/newcerts3/172.16.1.174.pem /tmp/newcerts3/int.pem /tmp/newcerts3/ca.pem > /tmp/newcerts3/long_chain172.16.1.174.pem

Above was tested with both ca and chain certs.

- can you please update ticket with chain cert.
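
The behaviour described in the comments above (a client certificate issued by an intermediate CA is only accepted once the intermediate is appended to it), reproduced as an added example that is not part of the ticket or of Couchbase's code. It assumes the `openssl` CLI is installed and builds a constructed throwaway PKI; all file names and subjects are hypothetical, and `peer_accepts` only approximates a peer that trusts the root certificate alone.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI: root -> intermediate -> client.
# File names and subjects are hypothetical, not the ticket's attachments.

build_pki() {  # $1 = empty working directory
  d=$1
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/pki.cnf"
  # Root CA: self-signed, the only certificate the peer trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/pki.cnf" \
    -extensions ca -subj "/CN=Example Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Intermediate CA: signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -subj "/CN=Example Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/pki.cnf" -extensions ca \
    -out "$d/int.pem" 2>/dev/null || return 1
  # Client certificate: signed by the intermediate, not by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -subj "/CN=example-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/client.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null || return 1
  # Chain file: leaf first, then its issuer.
  cat "$d/client.pem" "$d/int.pem" > "$d/client_chain.pem"
}

# Approximates a peer that trusts only ca.pem and is handed the PEM file $2:
# the first certificate is the leaf, and every certificate in the file is
# available as an untrusted helper for path building.
peer_accepts() {  # $1 = PKI directory, $2 = PEM file the client presents
  openssl verify -CAfile "$1/ca.pem" -untrusted "$2" "$2" 2>/dev/null |
    grep -q ': OK$'
}

work=$(mktemp -d)
build_pki "$work" || { echo "openssl failed" >&2; exit 1; }
for f in client.pem client_chain.pem; do
  if peer_accepts "$work" "$work/$f"; then echo "$f: accepted"
  else echo "$f: rejected"; fi
done
```

The same `openssl verify -CAfile ... -untrusted ...` check can be pointed at real certificate files before they are supplied to a link, to confirm that the presented file chains to the root the remote side trusts.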

User Error

Details

Assignee

Umang Agrawal(Deactivated)

Reporter

Is this a Regression?

Unknown

Triage

Untriaged

Operating System

Centos 64-bit

Due date

Story Points

1

Sprint

Priority

Created July 9, 2020 at 9:01 AM
Updated May 11, 2021 at 8:16 AM
Resolved July 14, 2020 at 10:24 PM