If the user opts NOT to trust the certificate, the script will need to error and print a message alerting the user that the valid Conjur PEM-encoded x509 CA certificate chain will need to be retrieved in order to continue.
AC:
[ ] Update the script to follow the same pattern as the Python CLI
[ ] Update the dap wiki flow to explain how this works
In order to avoid possible MitM attacks, our
get-conjur-cert.sh
script should show the fingerprint to the user and ask if they'd like to trust the certificate. The logic can follow what the Python CLI does here: https://github.com/cyberark/conjur-api-python3/blob/a847bf6a9e3bf89d843543f1781c00dbdb5456b5/conjur/controller/init_controller.py#L116-L122If the user opts NOT to trust the certificate, the script will need to error and print a message alerting the user that the valid Conjur PEM-encoded x509 CA certificate chain will need to be retrieved in order to continue.
AC: