search

Azure / azure-cosmos-db-emulator-docker

This repo serves as hub for managing issues, gathering feedback, and having discussions regarding the Cosmos DB Emulator Docker.
https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-develop-emulator?tabs=docker-linux%2Ccsharp&pivots=api-nosql
MIT License
165 stars 47 forks source link

Cannot get SSL certificate from linux preview emulator #121

Open Blackbaud-JasonBodnar opened 5 days ago

Blackbaud-JasonBodnar commented 5 days ago

Describe the bug Following the instructions for downloading the SSL certificate in the README I get an error about wrong version number.

To Reproduce Steps to reproduce the behavior:

  1. Follow the README for installing and running the linux preview emulator
  2. Run the code provided for getting the SSL certificate.

Expected behavior The SSL certificate is downloaded.

Actual behavior You get an error:

$ openssl s_client -connect ${EMULATOR_HOST}:${EMULATOR_PORT} </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $EMULATOR_CERT_PATH
4067F2F182750000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:

Desktop (please complete the following information):

Docker Images Used:

Arguments && Environment variables to start Docker:

docker run --detach --publish 8081:8081 --publish 1234:1234 mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview

xgerman commented 5 days ago

The new emulator will generate a new certificate when starting up. To get access to it run the following:

containerId=$(docker ps --all --quiet --latest)
docker cp ${containerId}:/scripts/certs/domain.crt .
docker cp ${containerId}:/scripts/certs/rootCA.crt .

You then can use keytool to add them to your keystore.

Note: You will need to do those steps every time you start the emulator. To avoid this you can either use http (which is the default and will be fully supported in an upcoming Java SDK version) or specify your own certificates.