Closed james-fitzgerald closed 7 years ago
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/146642255
The labels on this github issue will be updated when the story is started.
👍 still not working as of 3.13.0

```
$ uaac version
UAA client 3.13.0
$ uaac target --debug --skip-ssl-validation https://sso-demo.login.run.haas-62.pez.pivotal.io/uaa
--->
request: get https://sso-demo.login.run.haas-62.pez.pivotal.io/uaa/login
headers: {"accept"=>"application/json;charset=utf-8"}
<---- no response due to exception: #<CF::UAA::SSLException: Invalid SSL Cert for https://sso-demo.login.run.haas-62.pez.pivotal.io/uaa/login. Use '--skip-ssl-validation' to continue with an insecure target>
failed to access https://sso-demo.login.run.haas-62.pez.pivotal.io/uaa: Invalid SSL Cert for https://sso-demo.login.run.haas-62.pez.pivotal.io/uaa/login. Use '--skip-ssl-validation' to continue with an insecure target
```
Looking at the release notes, it appears that SSL validation was enabled in v3.0.0, but `uaac target --skip-ssl-validation` doesn't work with this release either:

```
$ uaac version
UAA client 3.0.0
$ uaac target --debug --skip-ssl-validation https://sso-demo.login.run.haas-62.pez.pivotal.io
--->
request: get https://sso-demo.login.run.haas-62.pez.pivotal.io/login
headers: {"accept"=>"application/json;charset=utf-8"}
<---- no response due to exception: #<CF::UAA::SSLException: Invalid SSL Cert for https://sso-demo.login.run.haas-62.pez.pivotal.io/login. Use '--skip-ssl-validation' to continue with an insecure target>
failed to access https://sso-demo.login.run.haas-62.pez.pivotal.io: Invalid SSL Cert for https://sso-demo.login.run.haas-62.pez.pivotal.io/login. Use '--skip-ssl-validation' to continue with an insecure target
```

Editing my `~/.uaac.yml` file to include:

```
https://sso-demo.login.run.haas-62.pez.pivotal.io:
  skip_ssl_validation: true
```

works around the issue.
Still having issues with this!
Also to add to @geoffwa comment - if uaa is not running on port 80 you need to add something similar to the below.

```
https://sso-demo.login.run.haas-62.pez.pivotal.io:8443:
  skip_ssl_validation: true
```
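
The workaround in the two comments above leaves `skip_ssl_validation: true` stored per target URL (and per port) in `~/.uaac.yml`. As an added example, not part of the thread or of cf-uaac, this Ruby script lists the targets in a file of that shape that have certificate validation turned off; the hostnames in the sample are constructed.

```ruby
require "yaml"
require "uri"

# Constructed sample in the shape shown in the thread: each top-level key is
# a target URL (port included when given) mapping to that target's settings.
SAMPLE_UAAC_YML = <<~YAML
  https://uaa.example.test:
    skip_ssl_validation: true
  https://uaa.example.test:8443:
    skip_ssl_validation: true
  https://login.example.test:
    skip_ssl_validation: false
  https://other.example.test: {}
YAML

# Returns one record per target whose entry sets skip_ssl_validation: true.
# The port is resolved from the URL, so a key without an explicit port is
# reported with the scheme default (443 for https).
def insecure_targets(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  raise ArgumentError, "expected a mapping of target URLs" unless doc.is_a?(Hash)

  doc.filter_map do |target, settings|
    next unless settings.is_a?(Hash) && settings["skip_ssl_validation"] == true

    uri = URI.parse(target.to_s)
    { target: target.to_s, host: uri.host, port: uri.port }
  end
end

if $PROGRAM_NAME == __FILE__
  # Pass the path to a config file as the first argument; with no argument
  # the constructed sample above is checked instead.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_UAAC_YML
  insecure_targets(text).each do |t|
    puts "TLS verification disabled: #{t[:target]} (#{t[:host]}:#{t[:port]})"
  end
end
```

Entries reported here can be removed once the target's certificate validates, so that the bypass does not outlive the problem it worked around.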
Sorry I didn’t get back to you.
Issue is with MacOS and its stupidly old OpenSSL version. I just grabbed a docker-ized version of UAAC.
Kind Regards,
James.
On Jul 22, 2017, at 10:42 AM, Peter Blum <notifications@github.com> wrote:

> Still having issues with this!
Not sure why this was closed (uaac version: UAA Client 3.12.0)? It is still an issue, even with the changes in the `~/.uaac.yml`. They allow a successful `uaac target` but when issuing a `uaac token owner get` it still fails with - `Use '--skip-ssl-validation' to continue with an insecure target`. I guess the solution is to update openssl on the mac.
@sreetummidi Why is this closed? When `--skip-ssl-validation` is used, the CLI responds `Invalid option: skip_ssl_validation`. Please address the actual bug. The problem also occurs on Linux, not just OSX.
problem still exists:

```
$ uaac --version
UAA client 4.1.0
13:05:51 user@pro-26 ~ ⬡ v8.7.0
$ uaac target --debug --skip-ssl-validation https://opsmanager.environment.company.pcf-installation..de/uaa
--->
request: get https://opsmanager.environment.pcf.company.de/uaa/login
headers: {"accept"=>"application/json;charset=utf-8"}
<---- no response due to exception: #<CF::UAA::SSLException: Invalid SSL Cert for https://opsmanager.environment.pcf.company.de/uaa/login. Use '--skip-ssl-validation' to continue with an insecure target>
failed to access https://opsmanager.environment.pcf.company.de/uaa: Invalid SSL Cert for https://opsmanager.environment.pcf.company.de/uaa/login. Use '--skip-ssl-validation' to continue with an insecure target
```
Problem still exists - please can this be re-opened? Currently uaac is unusable for me on our test set up.
I'm having this issue even after using a dockerized version of uaac from ruby:2.5-alpine, so it is not an issue just with Mac's OpenSSL.
To be clear: this isn't an SSL library related problem, it's related to how `uaac` combines its command line flags, configuration files, and defaults.
Using uaac v3.12.0 with a local pcf dev I am unable to bypass the ssl validation.
generates:

```
CF::UAA::SSLException: Invalid SSL Cert for https://uaa.local.pcfdev.io/Users. Use '--skip-ssl-validation' to continue with an insecure target
```