Open weimeilin79 opened 5 years ago
@pmccarthy
@weimeilin79 @jasonmadigan Both DIL and DIL1 have been updated with valid certs for the 3scale wildcard route, see below:
curl -v https://location-user1-api-staging.amp.dil.opentry.me/locations
...
* Server certificate:
* subject: CN=amp.dil.opentry.me
* start date: Nov 1 09:24:30 2018 GMT
* expire date: Jan 30 09:24:30 2019 GMT
* subjectAltName: host "location-user1-api-staging.amp.dil.opentry.me" matched cert's "*.amp.dil.opentry.me"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
...
curl -v https://location-user1-api-staging.amp.dil1.opentry.me/locations
...
* Server certificate:
* subject: CN=amp.dil1.opentry.me
* start date: Nov 1 09:22:50 2018 GMT
* expire date: Jan 30 09:22:50 2019 GMT
* subjectAltName: host "location-user1-api-staging.amp.dil1.opentry.me" matched cert's "*.amp.dil1.opentry.me"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
...
Looks like the issue is back
Date: Nov 21st, 2018
Cluster: opentry.dil.me
username: user65
@VinayBhalerao This issue should now be resolved. Adding valid certificates to the wildcard route is a manual task that needs to be performed by the Integreatly SRE team. While re-provisioning the DIL environment we must have missed this step. I've updated our internal SOP documents to include this step so that this doesn't happen again. We'll also ensure that this change makes it on to the DIL1 environment also.
Validation
curl -v https://location-user1-api-staging.amp.dil.opentry.me/locations
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=amp.dil.opentry.me
* start date: Nov 1 09:24:30 2018 GMT
* expire date: Jan 30 09:24:30 2019 GMT
* subjectAltName: host "location-user1-api-staging.amp.dil.opentry.me" matched cert's "*.amp.dil.opentry.me"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
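The validation step in the comment above, written as a repeatable check that could run after each re-provisioning. This is an added example, not code from the thread or from the Integreatly project; the function names, the 14-day threshold and the self-signed sample are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Lines taken from the curl -v certificate block shown in the thread.
TRUSTED = """\
* Server certificate:
* subject: CN=amp.dil.opentry.me
* expire date: Jan 30 09:24:30 2019 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
"""
# Constructed sample (not from the thread): a self-signed certificate as
# curl -k reports it; any verify line other than "verify ok" counts as a failure.
SELF_SIGNED = """\
* Server certificate:
* subject: CN=router.example.invalid
* expire date: Jan  1 00:00:00 2030 GMT
* issuer: CN=router.example.invalid
* SSL certificate verify result: self signed certificate (18), continuing anyway.
"""
FIELD = re.compile(r"^\*\s+(subject|issuer|expire date):\s*(.+)$")

def parse_curl_cert(text):
    """Extract subject, issuer, expiry and verify status from curl -v lines."""
    info = {"verified": False}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2).strip()
        elif "SSL certificate verify ok" in line:
            info["verified"] = True
    return info

def check_route_cert(text, now, min_days=14):
    """Return a list of problems; an empty list means the route cert is fine."""
    info, problems = parse_curl_cert(text), []
    if "expire date" not in info:
        return ["no certificate block found"]
    if not info["verified"]:
        problems.append("chain not verified")
    if info.get("subject") and info.get("subject") == info.get("issuer"):
        problems.append("self-signed (subject == issuer)")
    stamp = " ".join(info["expire date"].split())  # collapse curl's date padding
    expires = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    days = (expires - now).days
    if days < min_days:
        problems.append(f"expires in {days} days")
    return problems

if __name__ == "__main__":
    now = datetime(2018, 11, 21, tzinfo=timezone.utc)
    print(check_route_cert(TRUSTED, now), check_route_cert(SELF_SIGNED, now))
```

Feeding it the saved output of `curl -v` for each wildcard route, for DIL and DIL1 alike, turns the manual SOP step into a pass/fail result.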
The issue is reproducible on dil.opentry.me
Date: Jan 14th, 2019
Cluster: opentry.dil.me
username: user70
The certs on this URL https://location-userX-api-staging.amp.dil1.opentry.me/locations, e.g. https://location-user1-api-staging.amp.dil1.opentry.me/locations, seem to be self-signed and untrusted by the browser, causing issues when calling via JavaScript.
@jasonmadigan @aidenkeating