TLS with client certificate for external link is not working.
Description
Components
Affects versions
Fix versions
Environment
Link to Log File, atop/blg, CBCollectInfo, Core dump
Release Notes Description
Attachments
relates to
Activity
CB robot May 11, 2021 at 8:16 AM
Build couchbase-server-6.6.2-9599 contains cbas-core commit 36fe8fa with commit message:
: use intermediate certificate authority
CB robot July 19, 2020 at 11:17 PM
Build couchbase-server-7.0.0-2640 contains cbas-core commit 36fe8fa with commit message:
: use intermediate certificate authority
CB robot July 17, 2020 at 12:55 AM
Build couchbase-server-6.6.0-7885 contains cbas-core commit 36fe8fa with commit message:
: use intermediate certificate authority
Umang Agrawal July 15, 2020 at 9:48 AM
after appending intermediate cert in client cert, the link creation is working as expected.
Verified with couchbase server build 6.6.0-7878
Ritam Sharma July 15, 2020 at 2:40 AMEdited
= long_chain172.16.1.174.pem - this is the chain cert for
/tmp/newcerts3/172.16.1.174.pem /tmp/newcerts3/int.pem /tmp/newcerts3/ca.pem > /tmp/newcerts3/long_chain172.16.1.174.pem
Above was tested with both ca and chain certs.
- can you please update ticket with chain cert.
Steps to reproduce-
1. create 2 clusters, a local cluster with cbas node, a remote cluster with KV node.
2. generate certificates root, node and client certificates for both the cluster.
3. create link to remote cluster with full encryption, remote cluster root cert, client cert and client key.
4. link creation failed.
Have verified that the certificates that were created are working.
Have also verified that the above API endpoint does not works without authentication:
Attaching all the certificates that i generated.
Node certificates -
10.112.200.104.csr ,10.112.200.104.key , 10.112.200.104.pem
Client certificates -
172.16.1.174.csr, 172.16.1.174.key, 172.16.1.174.pem
root certificates-
ca.key, ca.pem
Intermediate certificates-
int.csr, int.key, int.pem, intermediateCA.srl
other certificates-
long_chain10.112.200.104.pem, long_chain172.16.1.174.pem, root.crt, rootCA.srl