apache / solr-operator

Official Kubernetes operator for Apache Solr
https://solr.apache.org/operator
Apache License 2.0
242 stars, 112 forks

fix: gen-pkcs12-keystore adds ca.crt input option if it exists (#684) #685

Open smoldenhauer-ish opened 4 months ago

HoustonPutman commented 3 months ago

Thanks for the fix here @smoldenhauer-ish! Is there a way we can add an integration test, like the ones we already have that use cert-manager, to test this? They currently live in tests/e2e/solrcloud_tls_test.go.

smoldenhauer-ish commented 3 months ago

I'll need to have a look into solrcloud_tls_test.go and see if I am able to understand it and can add a test in the next days.

smoldenhauer-ish commented 2 months ago

@HoustonPutman I applied your suggestions and added a test that omits the initial creation of the keystore by cert-manager and invokes the gen-pkcs12-keystore init container. The shell command executes, but openssl fails with the error "No certificate matches private key". The test fails even if I roll back my changes to the command. So it might have something to do with the cert-manager generated certificate and private key.

smoldenhauer-ish commented 2 months ago

I changed the double "-in" option into "-certfile ca.crt" to add the additional certificate(s) from a ca.crt entry into the created keystore.p12. The double "-in" from the original code is not evaluated by openssl; currently, with openssl 1.1.1, the last -in is used. So it fails if that is the ca.crt, because the first -in (tls.crt) is ignored and there is "No certificate matches private key".

With the -certfile option the additional ca.crt is added; the generated keystore.p12 contains both certificates, just like the cert-manager generated keystore.
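The behaviour described in the comment above, reproduced as an added example (this is not code from the solr-operator repository or from the PR). It builds a constructed throwaway CA and leaf certificate in the three-file layout cert-manager writes into a TLS secret (tls.key, tls.crt, ca.crt), exports a PKCS#12 keystore with `-certfile ca.crt`, and shows that the old two-`-in` form fails because openssl keeps only the last `-in`. The keystore password `changeit`, the subject names and the temp directory are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the solr-operator project: compare the -certfile
# export with the old double -in export when packaging a cert-manager style
# secret (tls.key, tls.crt, ca.crt) into a PKCS#12 keystore.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
PASS="changeit"   # constructed keystore password for this demo only

# Constructed test PKI: a throwaway CA plus a leaf certificate it signs.
# These three files mirror what cert-manager writes into a TLS secret.
make_test_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=solr-demo" \
    -keyout "$WORKDIR/tls.key" -out "$WORKDIR/tls.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORKDIR/tls.csr" -CA "$WORKDIR/ca.crt" \
    -CAkey "$WORKDIR/ca.key" -CAcreateserial -out "$WORKDIR/tls.crt" 2>/dev/null
}

# Fixed form: leaf cert + key are the identity, ca.crt goes in via -certfile
# so the CA ends up in the keystore alongside the leaf.
export_with_certfile() {
  openssl pkcs12 -export -in "$WORKDIR/tls.crt" -inkey "$WORKDIR/tls.key" \
    -certfile "$WORKDIR/ca.crt" -out "$WORKDIR/keystore.p12" -passout "pass:$PASS"
}

# Old form: two -in flags. openssl keeps only the last one (ca.crt), so the
# leaf cert is dropped and no certificate matches tls.key. Prints "ok" or "failed".
export_with_double_in() {
  if openssl pkcs12 -export -in "$WORKDIR/tls.crt" -in "$WORKDIR/ca.crt" \
       -inkey "$WORKDIR/tls.key" -out "$WORKDIR/bad.p12" -passout "pass:$PASS" 2>/dev/null
  then echo ok; else echo failed; fi
}

# Count the certificates stored in a PKCS#12 file.
count_p12_certs() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

make_test_pki
export_with_certfile
echo "certs in keystore.p12: $(count_p12_certs "$WORKDIR/keystore.p12")"
echo "double -in export: $(export_with_double_in)"
```

The `-certfile` export should report two certificates (leaf and CA), which is the same content a cert-manager generated keystore carries, while the double `-in` export should fail with "No certificate matches private key" because tls.crt was silently discarded.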

smoldenhauer-ish commented 2 months ago

Hope this is good for merge, now. BTW, I'm offline for the next two weeks.