Bug 998334 - RFE: Provide a way to disable ssl cert checks
RFE: Provide a way to disable ssl cert checks
Status: CLOSED CURRENTRELEASE
Product: PressGang CCMS
Classification: Community
Component: CSProcessor (Show other bugs)
1.x
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 1.3
Assigned To: Lee Newson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-19 01:01 EDT by Lee Newson
Modified: 2013-12-03 17:16 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-03 17:16:13 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lee Newson 2013-08-19 01:01:24 EDT
When connecting to internal URLs the SSL Certification checks fail because the internal SSL Certificates are signed by an internal CA. As such it would be a lot easier (although less secure) if you could just disable the ssl certificate validation (ie something like --disable-ssl-cert)
Comment 1 Lee Newson 2013-11-07 21:34:42 EST
Added in 1.3-SNAPSHOT build 201311081229

The csprocessor now has a --disable-ssl-cert option on the push-translation command to disable the ssl certification validation.
Comment 3 Lee Newson 2013-11-24 20:55:37 EST
I've also added this option to the sync-translation command for cspclient-1.3-3.noarch.rpm

Additional testing notes:

The best way to test this is to remove the Red Hat IS CA Cert by running the following command:

keytool -delete -alias rhiscacert -keystore keystore.jks

and then run a command that connects to the internal zanata instance with the --disable-ssl-cert option set. If you then get past the connecting stage (ie it'll say "Connection to Zanata server: ..."), then this option works.
Comment 4 Lee Newson 2013-11-24 21:00:19 EST
Forgot to mention that keystore.jks should be the location of your java installs cacerts file. The path below shows an example of the location of this file:

/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/lib/security/cacerts

Note: For OpenJDK installs on Fedora/RHEL the above is normally a simlink to /etc/pki/java/cacerts
Comment 6 Matthew Casperson 2013-11-27 15:46:03 EST
There were no errors when I tried --disable-ssl-cert against the test zanata instance. The test zanata instance doesn't implement HTTPS though.
Comment 9 Lee Newson 2013-11-27 18:51:11 EST
Fixed in 1.3-SNAPSHOT build 201311280944

The name of the resource was incorrect and also I had missed passing through the disable option for sync-translation in the initial host check.
Comment 12 Matthew Casperson 2013-11-27 19:58:17 EST
Ignore the above error. I tested a sync without a cert against the dev server and it worked ok.

Note You need to log in before you can comment on or make changes to this bug.