Tests against Conjur Enterprise are failing due to self-signed certificates not being trusted. From logs:
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='conjur-master.mycompany.local', port=443): Max retries exceeded with url: /authn/demo/admin/authenticate (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:997)')))
Implemented Changes
Previously, the scripts to set up Conjur Enterprise with conjur-intro ran the following command, which generated new certificates, and reloaded Conjur:
./bin/dap --import-custom-certificates
I believe this is now failing because the certificates are not being updated in the HAProxy container. That said, this bug should be handled separately, and there was no need to ever include this bit, as there are Conjur-generated certificates available without it.
Connected Issue/Story
N/A
Definition of Done
At least 1 todo must be completed in the sections below for the PR to be
merged.
Changelog
[ ] The CHANGELOG has been updated, or
[x] This PR does not include user-facing changes and doesn't require a
CHANGELOG update
Test coverage
[ ] This PR includes new unit and integration tests to go with the code
changes, or
[x] The changes in this PR do not require tests
Documentation
[ ] Docs (e.g. READMEs) were updated in this PR
[ ] A follow-up issue to update official docs has been filed here: [insert issue ID]
[x] This PR does not require updating any documentation
Behavior
[ ] This PR changes product behavior and has been reviewed by a PO, or
[ ] These changes are part of a larger initiative that will be reviewed later, or
[x] No behavior was changed with this PR
Security
[ ] Security architect has reviewed the changes in this PR,
[ ] These changes are part of a larger initiative with a separate security review, or
[x] There are no security aspects to these changes
Desired Outcome
Tests against Conjur Enterprise are failing due to self-signed certificates not being trusted. From logs:
Implemented Changes
Previously, the scripts to set up Conjur Enterprise with
conjur-introran the following command, which generated new certificates, and reloaded Conjur:I believe this is now failing because the certificates are not being updated in the HAProxy container. That said, this bug should be handled separately, and there was no need to ever include this bit, as there are Conjur-generated certificates available without it.
Connected Issue/Story
N/A
Definition of Done
At least 1 todo must be completed in the sections below for the PR to be merged.
Changelog
Test coverage
Documentation
READMEs) were updated in this PRBehavior
Security