Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1446046 - glusterd: TLS verification fails when using intermediate CA instead of self-signed certificates [NEEDINFO]
glusterd: TLS verification fails when using intermediate CA instead of self-s...
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: core (Show other bugs)
3.2
Unspecified Unspecified
unspecified Severity unspecified
: ---
: RHGS 3.4.0
Assigned To: Mohit Agrawal
Bala Konda Reddy M
ssl
:
Depends On: 1555154
Blocks: 1503134
  Show dependency treegraph
 
Reported: 2017-04-27 03:05 EDT by Siddharth Sharma
Modified: 2018-09-04 02:33 EDT (History)
13 users (show)

See Also:
Fixed In Version: glusterfs-3.12.2-7
Doc Type: If docs needed, set a value
Doc Text:
Earlier to configure ssl-cert-depth option parameter needs to set in /etc/glusterfs/glusterd.vol but after apply the patch parameter (transport.socket.ssl-cert-depth) needs to be set in /var/lib/glusterd/secure-access. This parameter is useful only while management Secure Sockets Layer is enabled.
Story Points: ---
Clone Of:
: 1555154 (view as bug list)
Environment:
Last Closed: 2018-09-04 02:32:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
srmukher: needinfo? (moagrawa)

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2607 None None None 2018-09-04 02:33 EDT

  None (edit)
Comment 25 Bala Konda Reddy M 2018-08-23 11:04:49 EDT 
Build: 3.12.2-16

1. On a three glusterd nodes stopped the glusterd
2. Added the root ca and intermediate ca to glusterfs.ca to /etc/ssl/glusterfs.ca
3. copied root ca, ~]# rca.crt /etc/pki/ca-trust/source/anchors on all the gluster nodes
4. Updated the certs ~]# update-ca-trust
5. Created secure-access file in /var/lib/glusterd/secure-access and added the "option transport.socket.ssl-cert-depth 2"
6. Started glusterd.
7. Performed peer probe, created volume, started and mounted ran iozone.
8. Tried to mounted on non-ssl nodes, it failed as expected
9. Tried to peer probe to non-ssl nodes, it failed as expected

Hence moving to verified
Comment 27 errata-xmlrpc 2018-09-04 02:32:03 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2607
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.