Kyle -
Verify return code: 19 (self signed certificate in certificate chain)
Since your server cert is self-signed, there's not much more that can
be done at this point I believe. My security tests use a dedicated CA
where the Root cert is available for validation
(https://github.com/basho/riak-c
nt: None
SRP username: None
Start Time: 1472681389
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
-Original Message-----
From: Luke Bakken [mailto:lbak...@basho.com]
Sent: Tuesday, August 30, 2016 2:21 PM
To: Nguyen, Kyle
Cc: Riak Us
asho.com]
> Sent: Tuesday, August 30, 2016 2:14 PM
> To: Nguyen, Kyle
> Cc: Riak Users
> Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
> using Java client
>
> Kyle,
>
> I would be interested to see the output of this command run on the sam
Hi Luke,
I am using TLS for protocol buffer - not sure if you're thinking of HTTP only.
Thanks
-Kyle-
-Original Message-
From: Luke Bakken [mailto:lbak...@basho.com]
Sent: Tuesday, August 30, 2016 2:14 PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (
Kyle,
I would be interested to see the output of this command run on the
same server as your Riak node:
openssl s_client -debug -connect localhost:8098
Please replace "8098" with the HTTPS port used in this configuration
setting in your /etc/riak.conf file:
listener.https.internal
--
Luke Bakk
le
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Kyle -
The CN should be either the DNS-resolvable host name of the Riak node, or its
IP address (without "riak@"). Then, the Java client should be configured to use
that to co
Kyle -
The CN should be either the DNS-resolvable host name of the Riak node,
or its IP address (without "riak@"). Then, the Java client should be
configured to use that to connect to the node (either DNS or IP).
Without doing that, I really don't have any idea how the Java client
is validating th
e Bakken [mailto:lbak...@basho.com]
Sent: Monday, August 29, 2016 2:20 PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Hi Kyle -
Thanks for the info. Just so you know, setting check_clr = off means that Riak
wi
> From: Luke Bakken [mailto:lbak...@basho.com]
> Sent: Monday, August 29, 2016 7:59 AM
> To: Nguyen, Kyle
> Cc: Riak Users
> Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
> using Java client
>
> Kyle -
>
> What is the output of these com
59 AM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Kyle -
What is the output of these commands?
riak-admin security print-users
riak-admin security print-sources
http://docs.basho.com/riak/kv/2.1.4/using/security/b
Kyle -
What is the output of these commands?
riak-admin security print-users
riak-admin security print-sources
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#user-management
Please note that setting up certificate authentication *requires* that
you have set up SSL / TLS in Riak as w
PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication
using Java client
Try adding the following Java property setting when launching your java client
in order to see SSL Handshake related debug information:
-Djavax.net.debug
Try adding the following Java property setting when launching your java
client in order to see SSL Handshake related debug information:
-Djavax.net.debug=ssl:handshake
Or to see all ssl related debug output:
-Djavax.net.debug=ssl
On Thu, Aug 25, 2016 at 4:24 PM, Nguyen, Kyle
wrote:
> Hi all
Hi all,
I was trying to implement client certificate based authentication following
http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but kept getting the
following SSL Handshake exception. I believe I have the client keystore,
truststore and riak server cert/key setup properly. Both c
14 matches
Mail list logo
