IBM / ansible-for-i

This tool provides several customized modules for Ansible to manage IBM i systems.
GNU General Public License v3.0

certificate failure when checking PSP site #100

Closed bricevollmer closed 3 years ago

bricevollmer commented 3 years ago

I get the following Certificate error when running check_download_ptf_group.yml that checks the IBM PSP site for PTF information. I have the ca-certificates RPM package installed on the target/repository IBMi system. What else is needed to make the secure connection here?

TASK [ibm.power_ibmi.fix_repo_check_ptf_group : Print the latest PTF group information] ****
ok: [server] => {
    "fix_group_check_result": {
        "changed": false,
        "count": 1,
        "elapsed_time": "0:00:00.261933",
        "end": "2021-05-10 08:58:53.310572",
        "failed": false,
        "group_info": [
            {
                "error": "<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)>",
                "url": "https://www.ibm.com/support/pages/node/6211843"
            }
        ],
        "rc": 0,
        "start": "2021-05-10 08:58:53.048639",
        "stderr": "",
        "stderr_lines": []
    }
}

bricevollmer commented 3 years ago

This seems to have been failing due to our internal self-signed PKI chain. After adding our own internal chain to the P11-kit store, this is working as intended.

For more info on how to add an internal CA to the keystore, follow this article: https://www.seidengroup.com/2021/04/26/how-to-validate-self-signed-ssl-tls-certificates-from-ibm-i/
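
A diagnostic for the failure discussed in this thread, added here as an example; it is not part of the issue or of the ansible-for-i project. It attempts the same kind of verified handshake that `urlopen` performs, first against the system trust store and then against a CA bundle you supply. The names `default_trust` and `probe` and the bundle path argument are assumptions made for this example.

```python
import socket
import ssl
import sys


def default_trust():
    """Report where this Python/OpenSSL build looks for trusted CAs."""
    p = ssl.get_default_verify_paths()
    return {"cafile": p.cafile, "capath": p.capath,
            "openssl_cafile": p.openssl_cafile,
            "openssl_capath": p.openssl_capath}


def probe(host, port=443, cafile=None, timeout=5.0):
    """Attempt a fully verified TLS handshake and explain the outcome.
    cafile=None uses the system defaults; with a cafile, ONLY that bundle
    is trusted, which isolates whether the internal chain is the fix."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"ok": False, "stage": "connect", "detail": str(exc)}
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # Issuer of the leaf certificate that was actually served, so
            # you can see which CA signed what reached this machine.
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return {"ok": True, "stage": "verified", "issuer": issuer}
    except ssl.SSLError as exc:
        # verify_code/verify_message exist on Python 3.7+; fall back to str().
        return {"ok": False, "stage": "handshake",
                "verify_code": getattr(exc, "verify_code", None),
                "detail": getattr(exc, "verify_message", None) or str(exc)}
    except OSError as exc:
        return {"ok": False, "stage": "handshake", "detail": str(exc)}
    finally:
        sock.close()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "www.ibm.com"
    bundle = sys.argv[2] if len(sys.argv) > 2 else None  # PEM bundle path
    print("default trust paths:", default_trust())
    print("system store:", probe(target))
    if bundle:
        print("bundle only:", probe(target, cafile=bundle))
```

Run it with the interpreter Ansible uses on the target system. A failure against the system store combined with success against the internal bundle confirms that the missing trust anchor is the cause, without disabling verification anywhere.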