porterbot
commented
2 years ago Found the issue; the jacs-init-filesystem generates a self-signed certificate but at the time that executes it still has the old Subject CN in the cert. By regenerating the self-signed certificate with the correct Subject, I got past this issue and helped CHSL get past it too. We need to update the documentation to run the jacs-init-filesystem after we update the $HOST in the .env.config.
The self-signed SSL certificate causes problems for many users. Initially, it will cause a SSLHandshakeException if the cert is not manually imported into the client. Even once that is fixed, there is sometimes a different exception on the server side:
"ssl_do_handshake failed" "ssl alert number 46"
It's currently unclear how to get past this error, it seems like the server is rejecting the client's cert this time. Setting
ssl_verify_client offhad no effect.