AeroGear Push
  1. AeroGear Push
  2. AGPUSH-287

Undo OpenShift SSL Certificate workaround

    Details

    • Bugzilla Update:
      Perform
    • Similar Issues:
      Show 10 results 

      Description

      In AGPUSH-224 we added a workaround for an OpenShift ssl cert issue.

      Once that is fixed, we need to remove the code we added for that JIRA

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            RH Bugzilla Integration added a comment -

            Meng Bo <bmeng@redhat.com> made a comment on bug 997108

            Checked on latest INT(devenv_3680), the 8443 port can be connected via ssl client.

            And according the commnet#10, the CA and SSL are the same on INT, And it will be different on PROD.

            Move the bug to verified.

            Show
            RH Bugzilla Integration added a comment - Meng Bo <bmeng@redhat.com> made a comment on bug 997108 Checked on latest INT(devenv_3680), the 8443 port can be connected via ssl client. And according the commnet#10, the CA and SSL are the same on INT, And it will be different on PROD. Move the bug to verified.
            Hide
            RH Bugzilla Integration added a comment -

            Meng Bo <bmeng@redhat.com> changed the Status of bug 997108 from ON_QA to VERIFIED

            Show
            RH Bugzilla Integration added a comment - Meng Bo <bmeng@redhat.com> changed the Status of bug 997108 from ON_QA to VERIFIED
            Hide
            RH Bugzilla Integration added a comment -

            Dan McPherson <dmcphers@redhat.com> changed the Status of bug 997108 from VERIFIED to CLOSED

            Show
            RH Bugzilla Integration added a comment - Dan McPherson <dmcphers@redhat.com> changed the Status of bug 997108 from VERIFIED to CLOSED
            Hide
            RH Bugzilla Integration added a comment -

            matzew@redhat.com made a comment on bug 997108

            This issue seems still be open:

            openssl s_client -connect delete-pushee.rhcloud.com:8443

            ==>> Only one cert in the "Certificate chain" (the self-signed cert)

            Testing against the 'standard' port:
            openssl s_client -connect delete-pushee.rhcloud.com:443

            Two certs (as expected) certs in the chain....

            Show
            RH Bugzilla Integration added a comment - matzew@redhat.com made a comment on bug 997108 This issue seems still be open: openssl s_client -connect delete-pushee.rhcloud.com:8443 ==>> Only one cert in the "Certificate chain" (the self-signed cert) Testing against the 'standard' port: openssl s_client -connect delete-pushee.rhcloud.com:443 Two certs (as expected) certs in the chain....
            Hide
            RH Bugzilla Integration added a comment -

            matzew@redhat.com made a comment on bug 997108

            Running 'openssl s_client -connect delete-pushee.rhcloud.com:8443'

            I am getting this:

            Certificate chain
            0 s:/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com
            i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA

            Server certificate
            ----BEGIN CERTIFICATE----
            MIIFFzCCA/+gAwIBAgIDAf0eMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT
            MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM
            IENBMB4XDTEzMDIwMjE5MTUzN1oXDTE1MDUwODAxNDkxM1owgbExKTAnBgNVBAUT
            IExuaHpKSHhjWDBiSWRsSDJJVG5EZ2Fld2V5OGNlNWczMQswCQYDVQQGEwJVUzEX
            MBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxFDASBgNV
            BAoTC1JlZCBIYXQgSW5jMR4wHAYDVQQLExVSSEMgQ2xvdWQgT3BvZXJhdGlvbnMx
            FjAUBgNVBAMMDSoucmhjbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
            ggEKAoIBAQCxAEY922gAMY6nxfwDS2gVLqePypw/jboknS274rnuppSmW1dQziCJ
            fnL18kGLROsp+HoU/rdnvBQG/LhNhYWfD5w+sdB6ciUUM4/3u1CE1/gG5XcA/CD6
            8u9cDg1Swyc0isex269x4IRmJX0bdPvH5BEIDaDpkeF+XjpMRWO88IvPsTljkm4N
            PbiGWs57gNUzQV6i/NFH8opRW6IoJ8A78wwzfT3lylx4W2IzGHcbG/J4ydsTVYIr
            hbC3qMA3uf8kSOYt1EIVFVbWQyAgCR3usn515HLjlkbMAFUsnTUb9h39NqtehuBL
            Jv4ojClYtj+YzGDKlaLewxxVhh7LDIm9AgMBAAGjggGmMIIBojAfBgNVHSMEGDAW
            gBRCeVQbYc1VKz5j1TxIV/Wf+0XOSjAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0lBBYw
            FAYIKwYBBQUHAwEGCCsGAQUFBwMCMCUGA1UdEQQeMByCDSoucmhjbG91ZC5jb22C
            C3JoY2xvdWQuY29tMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwu
            Z2VvdHJ1c3QuY29tL2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBS0VOLUqvJ1EhfN
            8iFK2cswdQCuOzAMBgNVHRMBAf8EAjAAMG8GCCsGAQUFBwEBBGMwYTAqBggrBgEF
            BQcwAYYeaHR0cDovL2d0c3NsLW9jc3AuZ2VvdHJ1c3QuY29tMDMGCCsGAQUFBzAC
            hidodHRwOi8vZ3Rzc2wtYWlhLmdlb3RydXN0LmNvbS9ndHNzbC5jcnQwTAYDVR0g
            BEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2Vv
            dHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAF6q7m65
            Mf/fyL+J6s1Q2PHP886+6DWorFyMPMsXBXA/Ap4Hw3XyZD9GEB3J9nWJXazVbFeT
            X9aowyeaGMzTjwS7EQDEW/WNm5kthJ0giTIl5WU5SigFZFddx1r7Tv8EiyouxeDE
            kX+nX7SaikTGTKl5W46mwuLbAk3ujF7aNRt8ufrNE76RU5SoYGMKM2bFC2zXOW6z
            Xh7Mv51bShWhCUA3H9US66PCAfLVd5ubiXWoha14aHHCFz20Tnpk0dPc4qwBj71i
            5VXUR0y40gQ2BctAuyqRXC3MSnrAtCzpXlBlrZ151HufimLZI4IBbtrAd2mhBxq+
            1szz2FmHB4SIzq8=
            ----END CERTIFICATE----
            subject=/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com
            issuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA

            No client certificate CA names sent

            SSL handshake has read 1476 bytes and written 456 bytes

            New, TLSv1/SSLv3, Cipher is AES256-SHA
            Server public key is 2048 bit
            Secure Renegotiation IS supported
            Compression: NONE
            Expansion: NONE
            SSL-Session:
            Protocol : TLSv1
            Cipher : AES256-SHA
            Session-ID: D4B1B77D961933AAD362EDB3424F0594554B6FF2CBA68FEA4F4C65DFCBF571CE
            Session-ID-ctx:
            Master-Key: 8989A172015FF2ED19B0458D643DAB7C412909BBF5B94542B8DADE82D85EB00AEB81606792FB0ED2CC0793751806C00B
            Key-Arg : None
            Start Time: 1379409734
            Timeout : 300 (sec)
            Verify return code: 21 (unable to verify the first certificate)

            Note in the last line "unable to verify the first certificate"

            Show
            RH Bugzilla Integration added a comment - matzew@redhat.com made a comment on bug 997108 Running 'openssl s_client -connect delete-pushee.rhcloud.com:8443' I am getting this: Certificate chain 0 s:/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA — Server certificate ---- BEGIN CERTIFICATE ---- MIIFFzCCA/+gAwIBAgIDAf0eMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM IENBMB4XDTEzMDIwMjE5MTUzN1oXDTE1MDUwODAxNDkxM1owgbExKTAnBgNVBAUT IExuaHpKSHhjWDBiSWRsSDJJVG5EZ2Fld2V5OGNlNWczMQswCQYDVQQGEwJVUzEX MBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxFDASBgNV BAoTC1JlZCBIYXQgSW5jMR4wHAYDVQQLExVSSEMgQ2xvdWQgT3BvZXJhdGlvbnMx FjAUBgNVBAMMDSoucmhjbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCxAEY922gAMY6nxfwDS2gVLqePypw/jboknS274rnuppSmW1dQziCJ fnL18kGLROsp+HoU/rdnvBQG/LhNhYWfD5w+sdB6ciUUM4/3u1CE1/gG5XcA/CD6 8u9cDg1Swyc0isex269x4IRmJX0bdPvH5BEIDaDpkeF+XjpMRWO88IvPsTljkm4N PbiGWs57gNUzQV6i/NFH8opRW6IoJ8A78wwzfT3lylx4W2IzGHcbG/J4ydsTVYIr hbC3qMA3uf8kSOYt1EIVFVbWQyAgCR3usn515HLjlkbMAFUsnTUb9h39NqtehuBL Jv4ojClYtj+YzGDKlaLewxxVhh7LDIm9AgMBAAGjggGmMIIBojAfBgNVHSMEGDAW gBRCeVQbYc1VKz5j1TxIV/Wf+0XOSjAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMCUGA1UdEQQeMByCDSoucmhjbG91ZC5jb22C C3JoY2xvdWQuY29tMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwu Z2VvdHJ1c3QuY29tL2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBS0VOLUqvJ1EhfN 8iFK2cswdQCuOzAMBgNVHRMBAf8EAjAAMG8GCCsGAQUFBwEBBGMwYTAqBggrBgEF BQcwAYYeaHR0cDovL2d0c3NsLW9jc3AuZ2VvdHJ1c3QuY29tMDMGCCsGAQUFBzAC hidodHRwOi8vZ3Rzc2wtYWlhLmdlb3RydXN0LmNvbS9ndHNzbC5jcnQwTAYDVR0g BEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2Vv dHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAF6q7m65 Mf/fyL+J6s1Q2PHP886+6DWorFyMPMsXBXA/Ap4Hw3XyZD9GEB3J9nWJXazVbFeT X9aowyeaGMzTjwS7EQDEW/WNm5kthJ0giTIl5WU5SigFZFddx1r7Tv8EiyouxeDE kX+nX7SaikTGTKl5W46mwuLbAk3ujF7aNRt8ufrNE76RU5SoYGMKM2bFC2zXOW6z Xh7Mv51bShWhCUA3H9US66PCAfLVd5ubiXWoha14aHHCFz20Tnpk0dPc4qwBj71i 5VXUR0y40gQ2BctAuyqRXC3MSnrAtCzpXlBlrZ151HufimLZI4IBbtrAd2mhBxq+ 1szz2FmHB4SIzq8= ---- END CERTIFICATE ---- subject=/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com issuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA — No client certificate CA names sent — SSL handshake has read 1476 bytes and written 456 bytes — New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: D4B1B77D961933AAD362EDB3424F0594554B6FF2CBA68FEA4F4C65DFCBF571CE Session-ID-ctx: Master-Key: 8989A172015FF2ED19B0458D643DAB7C412909BBF5B94542B8DADE82D85EB00AEB81606792FB0ED2CC0793751806C00B Key-Arg : None Start Time: 1379409734 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) — Note in the last line "unable to verify the first certificate"

              People

              • Assignee:
                Matthias Wessendorf
                Reporter:
                Matthias Wessendorf
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Development