Closed alebeta90 closed 8 years ago
Hi Alejandro,
Normally, if you use a “https” protocol in “endpoint” parameter, the connection will automatically switch to use SSL. Could you paste the workload xml file?
-yaguang
From: alebeta90 [mailto:notifications@github.com] Sent: Friday, June 19, 2015 6:39 PM To: intel-cloud/cosbench Subject: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)
Hello friends!
OS:Ubuntu Server im using cosbench 0.4.2 and i want test my S3 environment with SSL, but is not working i recieve the next output:
2015-06-19 12:35:42,481 [ERROR] [AbstractOperator] - worker 1 fail to perform operation ga-cosbench1 com.intel.cosbench.api.storage.StorageException: com.amazonaws.AmazonClientException: Unable to execute HTTP request: peer not authenticated
i read that in other version cosbench support self signed certificate. But here is not working
Thanks! and all the best. Alejandro B
— Reply to this email directly or view it on GitHubhttps://github.com/intel-cloud/cosbench/issues/277.
Hello Yaguang!
Yes i already read about cosbench automatically must switch to use ssl, but i have this problem. Let me show you the workload.
Thanks for your Help!! and all the best.
<?xml version="1.0" encoding="UTF-8" ?>
Could you paste the complete one? Especially important part is the
From: alebeta90 [mailto:notifications@github.com] Sent: Tuesday, June 23, 2015 5:13 PM To: intel-cloud/cosbench Cc: Wang, Yaguang Subject: Re: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)
Hello Yaguang!
Yes i already read about cosbench automatically must switch to use ssl, but i have this problem. Let me show you the workload.
Thanks for your Help!! and all the best.
<?xml version="1.0" encoding="UTF-8" ?>
— Reply to this email directly or view it on GitHubhttps://github.com/intel-cloud/cosbench/issues/277#issuecomment-114415877.
<?xml version="1.0" encoding="UTF-8" ?>
Hello Yaguang! I put the workload in pastebin, because for some reason here i cant paste all the workload, github like erease the section with the auth and storage label.
thanks a lot! have a nice day
I can’t access the pastebin ☹.
From: alebeta90 [mailto:notifications@github.com] Sent: Wednesday, June 24, 2015 3:59 PM To: intel-cloud/cosbench Cc: Wang, Yaguang Subject: Re: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)
Hello Yaguang! I put the workload in pastebin, because for some reason here i cant paste all the workload, github like erease the section with the auth and storage label.
thanks a lot! have a nice day
— Reply to this email directly or view it on GitHubhttps://github.com/intel-cloud/cosbench/issues/277#issuecomment-114772568.
and this one https://paste.fedoraproject.org/236085/43514147/ ??
could u have a try on 0.4.2.c2? the 0.4.2.c1 has a bug which will break other than ceph.
I am facing the same issue with cosbench 0.4.1.0. Trying to configure it for S3 with https access. but its failing with below error-
2015-10-05 03:10:12,343 [ERROR] [S3Storage] - connection is created:id:78 2015-10-05 03:10:12,366 [INFO] [NoneStorage] - performing PUT at /mycontainers1 2015-10-05 03:10:16,704 [ERROR] [S3Storage] - ERROR:Unable to execute HTTP request: Connection to https://MYHOSTNAME refused.
My workload auth section is as below
auth - none config - none storage type="s3" config=accesskey=MYKEY secretkey=MYSECRETKEY endpoint=https://MYHOSTNAME path_style_access=true
I have to do in this format as the original format of the workload is getting uploaded here.
Please suggest.
For the "peer not athenticated" error, one is to use http:// instead of https:// to choose http protocol if https is not your exepcted. or, if you really expect https, this link may help, the basic idea is you'd make self-signed certificate into JVM trust store before issuing requests. http://stackoverflow.com/questions/12961570/sslpeerunverifiedexception-peer-not-authenticated
in short, the steps are:
1.Run the following command, replace $ADDRESS with the URL, minus the "https://":
echo -n | openssl s_client -connect $ADDRESS:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$ADDRESS.cert
2.Run the following command, replace $ALIAS a short name for the key, $ADDRESS with the cert name from above, $PATH with the path to cacerts in your JRE.
sudo keytool -importcert -alias "$ALIAS" -file /tmp/$ADDRESS.cert -keystore $PATH/cacerts -storepass changeit
Hello friends!
OS:Ubuntu Server im using cosbench 0.4.2 and i want test my S3 environment with SSL, but is not working i recieve the next output:
2015-06-19 12:35:42,481 [ERROR] [AbstractOperator] - worker 1 fail to perform operation ga-cosbench1 com.intel.cosbench.api.storage.StorageException: com.amazonaws.AmazonClientException: Unable to execute HTTP request: peer not authenticated
i read that in other version cosbench support self signed certificate. But here is not working
Thanks! and all the best. Alejandro B