Uploaded image for project: 'AeroGear Push'
  1. AeroGear Push
  2. AGPUSH-287

Undo OpenShift SSL Certificate workaround

    Details

      Description

      In AGPUSH-224 we added a workaround for an OpenShift ssl cert issue.

      Once that is fixed, we need to remove the code we added for that JIRA

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            jira-bugzilla-migration RH Bugzilla Integration added a comment -

            Meng Bo <bmeng@redhat.com> made a comment on bug 997108

            Checked on latest INT(devenv_3680), the 8443 port can be connected via ssl client.

            And according the commnet#10, the CA and SSL are the same on INT, And it will be different on PROD.

            Move the bug to verified.

            Show
            jira-bugzilla-migration RH Bugzilla Integration added a comment - Meng Bo <bmeng@redhat.com> made a comment on bug 997108 Checked on latest INT(devenv_3680), the 8443 port can be connected via ssl client. And according the commnet#10, the CA and SSL are the same on INT, And it will be different on PROD. Move the bug to verified.
            Hide
            jira-bugzilla-migration RH Bugzilla Integration added a comment -

            Meng Bo <bmeng@redhat.com> changed the Status of bug 997108 from ON_QA to VERIFIED

            Show
            jira-bugzilla-migration RH Bugzilla Integration added a comment - Meng Bo <bmeng@redhat.com> changed the Status of bug 997108 from ON_QA to VERIFIED
            Hide
            jira-bugzilla-migration RH Bugzilla Integration added a comment -

            Dan McPherson <dmcphers@redhat.com> changed the Status of bug 997108 from VERIFIED to CLOSED

            Show
            jira-bugzilla-migration RH Bugzilla Integration added a comment - Dan McPherson <dmcphers@redhat.com> changed the Status of bug 997108 from VERIFIED to CLOSED
            Hide
            jira-bugzilla-migration RH Bugzilla Integration added a comment -

            matzew@redhat.com made a comment on bug 997108

            This issue seems still be open:

            openssl s_client -connect delete-pushee.rhcloud.com:8443

            ==>> Only one cert in the "Certificate chain" (the self-signed cert)

            Testing against the 'standard' port:
            openssl s_client -connect delete-pushee.rhcloud.com:443

            Two certs (as expected) certs in the chain....

            Show
            jira-bugzilla-migration RH Bugzilla Integration added a comment - matzew@redhat.com made a comment on bug 997108 This issue seems still be open: openssl s_client -connect delete-pushee.rhcloud.com:8443 ==>> Only one cert in the "Certificate chain" (the self-signed cert) Testing against the 'standard' port: openssl s_client -connect delete-pushee.rhcloud.com:443 Two certs (as expected) certs in the chain....
            Hide
            jira-bugzilla-migration RH Bugzilla Integration added a comment -

            matzew@redhat.com made a comment on bug 997108

            Running 'openssl s_client -connect delete-pushee.rhcloud.com:8443'

            I am getting this:

            Certificate chain
            0 s:/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com
            i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA

            Server certificate
            ----BEGIN CERTIFICATE----
            MIIFFzCCA/+gAwIBAgIDAf0eMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT
            MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM
            IENBMB4XDTEzMDIwMjE5MTUzN1oXDTE1MDUwODAxNDkxM1owgbExKTAnBgNVBAUT
            IExuaHpKSHhjWDBiSWRsSDJJVG5EZ2Fld2V5OGNlNWczMQswCQYDVQQGEwJVUzEX
            MBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxFDASBgNV
            BAoTC1JlZCBIYXQgSW5jMR4wHAYDVQQLExVSSEMgQ2xvdWQgT3BvZXJhdGlvbnMx
            FjAUBgNVBAMMDSoucmhjbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
            ggEKAoIBAQCxAEY922gAMY6nxfwDS2gVLqePypw/jboknS274rnuppSmW1dQziCJ
            fnL18kGLROsp+HoU/rdnvBQG/LhNhYWfD5w+sdB6ciUUM4/3u1CE1/gG5XcA/CD6
            8u9cDg1Swyc0isex269x4IRmJX0bdPvH5BEIDaDpkeF+XjpMRWO88IvPsTljkm4N
            PbiGWs57gNUzQV6i/NFH8opRW6IoJ8A78wwzfT3lylx4W2IzGHcbG/J4ydsTVYIr
            hbC3qMA3uf8kSOYt1EIVFVbWQyAgCR3usn515HLjlkbMAFUsnTUb9h39NqtehuBL
            Jv4ojClYtj+YzGDKlaLewxxVhh7LDIm9AgMBAAGjggGmMIIBojAfBgNVHSMEGDAW
            gBRCeVQbYc1VKz5j1TxIV/Wf+0XOSjAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0lBBYw
            FAYIKwYBBQUHAwEGCCsGAQUFBwMCMCUGA1UdEQQeMByCDSoucmhjbG91ZC5jb22C
            C3JoY2xvdWQuY29tMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwu
            Z2VvdHJ1c3QuY29tL2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBS0VOLUqvJ1EhfN
            8iFK2cswdQCuOzAMBgNVHRMBAf8EAjAAMG8GCCsGAQUFBwEBBGMwYTAqBggrBgEF
            BQcwAYYeaHR0cDovL2d0c3NsLW9jc3AuZ2VvdHJ1c3QuY29tMDMGCCsGAQUFBzAC
            hidodHRwOi8vZ3Rzc2wtYWlhLmdlb3RydXN0LmNvbS9ndHNzbC5jcnQwTAYDVR0g
            BEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2Vv
            dHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAF6q7m65
            Mf/fyL+J6s1Q2PHP886+6DWorFyMPMsXBXA/Ap4Hw3XyZD9GEB3J9nWJXazVbFeT
            X9aowyeaGMzTjwS7EQDEW/WNm5kthJ0giTIl5WU5SigFZFddx1r7Tv8EiyouxeDE
            kX+nX7SaikTGTKl5W46mwuLbAk3ujF7aNRt8ufrNE76RU5SoYGMKM2bFC2zXOW6z
            Xh7Mv51bShWhCUA3H9US66PCAfLVd5ubiXWoha14aHHCFz20Tnpk0dPc4qwBj71i
            5VXUR0y40gQ2BctAuyqRXC3MSnrAtCzpXlBlrZ151HufimLZI4IBbtrAd2mhBxq+
            1szz2FmHB4SIzq8=
            ----END CERTIFICATE----
            subject=/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com
            issuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA

            No client certificate CA names sent

            SSL handshake has read 1476 bytes and written 456 bytes

            New, TLSv1/SSLv3, Cipher is AES256-SHA
            Server public key is 2048 bit
            Secure Renegotiation IS supported
            Compression: NONE
            Expansion: NONE
            SSL-Session:
            Protocol : TLSv1
            Cipher : AES256-SHA
            Session-ID: D4B1B77D961933AAD362EDB3424F0594554B6FF2CBA68FEA4F4C65DFCBF571CE
            Session-ID-ctx:
            Master-Key: 8989A172015FF2ED19B0458D643DAB7C412909BBF5B94542B8DADE82D85EB00AEB81606792FB0ED2CC0793751806C00B
            Key-Arg : None
            Start Time: 1379409734
            Timeout : 300 (sec)
            Verify return code: 21 (unable to verify the first certificate)

            Note in the last line "unable to verify the first certificate"

            Show
            jira-bugzilla-migration RH Bugzilla Integration added a comment - matzew@redhat.com made a comment on bug 997108 Running 'openssl s_client -connect delete-pushee.rhcloud.com:8443' I am getting this: Certificate chain 0 s:/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA — Server certificate ---- BEGIN CERTIFICATE ---- MIIFFzCCA/+gAwIBAgIDAf0eMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM IENBMB4XDTEzMDIwMjE5MTUzN1oXDTE1MDUwODAxNDkxM1owgbExKTAnBgNVBAUT IExuaHpKSHhjWDBiSWRsSDJJVG5EZ2Fld2V5OGNlNWczMQswCQYDVQQGEwJVUzEX MBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxFDASBgNV BAoTC1JlZCBIYXQgSW5jMR4wHAYDVQQLExVSSEMgQ2xvdWQgT3BvZXJhdGlvbnMx FjAUBgNVBAMMDSoucmhjbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCxAEY922gAMY6nxfwDS2gVLqePypw/jboknS274rnuppSmW1dQziCJ fnL18kGLROsp+HoU/rdnvBQG/LhNhYWfD5w+sdB6ciUUM4/3u1CE1/gG5XcA/CD6 8u9cDg1Swyc0isex269x4IRmJX0bdPvH5BEIDaDpkeF+XjpMRWO88IvPsTljkm4N PbiGWs57gNUzQV6i/NFH8opRW6IoJ8A78wwzfT3lylx4W2IzGHcbG/J4ydsTVYIr hbC3qMA3uf8kSOYt1EIVFVbWQyAgCR3usn515HLjlkbMAFUsnTUb9h39NqtehuBL Jv4ojClYtj+YzGDKlaLewxxVhh7LDIm9AgMBAAGjggGmMIIBojAfBgNVHSMEGDAW gBRCeVQbYc1VKz5j1TxIV/Wf+0XOSjAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMCUGA1UdEQQeMByCDSoucmhjbG91ZC5jb22C C3JoY2xvdWQuY29tMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwu Z2VvdHJ1c3QuY29tL2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBS0VOLUqvJ1EhfN 8iFK2cswdQCuOzAMBgNVHRMBAf8EAjAAMG8GCCsGAQUFBwEBBGMwYTAqBggrBgEF BQcwAYYeaHR0cDovL2d0c3NsLW9jc3AuZ2VvdHJ1c3QuY29tMDMGCCsGAQUFBzAC hidodHRwOi8vZ3Rzc2wtYWlhLmdlb3RydXN0LmNvbS9ndHNzbC5jcnQwTAYDVR0g BEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2Vv dHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAF6q7m65 Mf/fyL+J6s1Q2PHP886+6DWorFyMPMsXBXA/Ap4Hw3XyZD9GEB3J9nWJXazVbFeT X9aowyeaGMzTjwS7EQDEW/WNm5kthJ0giTIl5WU5SigFZFddx1r7Tv8EiyouxeDE kX+nX7SaikTGTKl5W46mwuLbAk3ujF7aNRt8ufrNE76RU5SoYGMKM2bFC2zXOW6z Xh7Mv51bShWhCUA3H9US66PCAfLVd5ubiXWoha14aHHCFz20Tnpk0dPc4qwBj71i 5VXUR0y40gQ2BctAuyqRXC3MSnrAtCzpXlBlrZ151HufimLZI4IBbtrAd2mhBxq+ 1szz2FmHB4SIzq8= ---- END CERTIFICATE ---- subject=/serialNumber=LnhzJHxcX0bIdlH2ITnDgaewey8ce5g3/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Opoerations/CN=*.rhcloud.com issuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA — No client certificate CA names sent — SSL handshake has read 1476 bytes and written 456 bytes — New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: D4B1B77D961933AAD362EDB3424F0594554B6FF2CBA68FEA4F4C65DFCBF571CE Session-ID-ctx: Master-Key: 8989A172015FF2ED19B0458D643DAB7C412909BBF5B94542B8DADE82D85EB00AEB81606792FB0ED2CC0793751806C00B Key-Arg : None Start Time: 1379409734 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) — Note in the last line "unable to verify the first certificate"

              People

              • Assignee:
                mwessendorf Matthias Wessendorf
                Reporter:
                mwessendorf Matthias Wessendorf
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Development