Red Hat Bugzilla – Bug 998334
RFE: Provide a way to disable ssl cert checks
Last modified: 2013-12-03 17:16:13 EST
When connecting to internal URLs the SSL Certification checks fail because the internal SSL Certificates are signed by an internal CA. As such it would be a lot easier (although less secure) if you could just disable the ssl certificate validation (ie something like --disable-ssl-cert)
Added in 1.3-SNAPSHOT build 201311081229
The csprocessor now has a --disable-ssl-cert option on the push-translation command to disable the ssl certification validation.
I've also added this option to the sync-translation command for cspclient-1.3-3.noarch.rpm
Additional testing notes:
The best way to test this is to remove the Red Hat IS CA Cert by running the following command:
keytool -delete -alias rhiscacert -keystore keystore.jks
and then run a command that connects to the internal zanata instance with the --disable-ssl-cert option set. If you then get past the connecting stage (ie it'll say "Connection to Zanata server: ..."), then this option works.
Forgot to mention that keystore.jks should be the location of your java installs cacerts file. The path below shows an example of the location of this file:
Note: For OpenJDK installs on Fedora/RHEL the above is normally a simlink to /etc/pki/java/cacerts
There were no errors when I tried --disable-ssl-cert against the test zanata instance. The test zanata instance doesn't implement HTTPS though.
Fixed in 1.3-SNAPSHOT build 201311280944
The name of the resource was incorrect and also I had missed passing through the disable option for sync-translation in the initial host check.
Ignore the above error. I tested a sync without a cert against the dev server and it worked ok.