Cosbench dosen't works with selfi signed certificate

[alebeta90]

Hello friends!

OS:Ubuntu Server im using cosbench 0.4.2 and i want test my S3 environment with SSL, but is not working i recieve the next output:

2015-06-19 12:35:42,481 [ERROR] [AbstractOperator] - worker 1 fail to perform operation ga-cosbench1 com.intel.cosbench.api.storage.StorageException: com.amazonaws.AmazonClientException: Unable to execute HTTP request: peer not authenticated

i read that in other version cosbench support self signed certificate. But here is not working

Thanks! and all the best. Alejandro B

[ywang19]

Hi Alejandro,

Normally, if you use a “https” protocol in “endpoint” parameter, the connection will automatically switch to use SSL. Could you paste the workload xml file?

-yaguang

From: alebeta90 [mailto:notifications@github.com] Sent: Friday, June 19, 2015 6:39 PM To: intel-cloud/cosbench Subject: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)

Hello friends!

OS:Ubuntu Server im using cosbench 0.4.2 and i want test my S3 environment with SSL, but is not working i recieve the next output:

2015-06-19 12:35:42,481 [ERROR] [AbstractOperator] - worker 1 fail to perform operation ga-cosbench1 com.intel.cosbench.api.storage.StorageException: com.amazonaws.AmazonClientException: Unable to execute HTTP request: peer not authenticated

i read that in other version cosbench support self signed certificate. But here is not working

Thanks! and all the best. Alejandro B

— Reply to this email directly or view it on GitHubhttps://github.com/intel-cloud/cosbench/issues/277.

[alebeta90]

Hello Yaguang!

Yes i already read about cosbench automatically must switch to use ssl, but i have this problem. Let me show you the workload.

Thanks for your Help!! and all the best.

<?xml version="1.0" encoding="UTF-8" ?>

``` ```

[ywang19]

Could you paste the complete one? Especially important part is the and section.

From: alebeta90 [mailto:notifications@github.com] Sent: Tuesday, June 23, 2015 5:13 PM To: intel-cloud/cosbench Cc: Wang, Yaguang Subject: Re: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)

Hello Yaguang!

Yes i already read about cosbench automatically must switch to use ssl, but i have this problem. Let me show you the workload.

Thanks for your Help!! and all the best.

<?xml version="1.0" encoding="UTF-8" ?>

``` ```

— Reply to this email directly or view it on GitHubhttps://github.com/intel-cloud/cosbench/issues/277#issuecomment-114415877.

[alebeta90]

<?xml version="1.0" encoding="UTF-8" ?>

``` ```

[alebeta90]

Hello Yaguang! I put the workload in pastebin, because for some reason here i cant paste all the workload, github like erease the section with the auth and storage label.

http://pastebin.com/Ay3d5g4x

thanks a lot! have a nice day

[ywang19]

I can’t access the pastebin ☹.

From: alebeta90 [mailto:notifications@github.com] Sent: Wednesday, June 24, 2015 3:59 PM To: intel-cloud/cosbench Cc: Wang, Yaguang Subject: Re: [cosbench] Cosbench dosen't works with selfi signed certificate (#277)

Hello Yaguang! I put the workload in pastebin, because for some reason here i cant paste all the workload, github like erease the section with the auth and storage label.

http://pastebin.com/Ay3d5g4x

thanks a lot! have a nice day

— Reply to this email directly or view it on GitHubhttps://github.com/intel-cloud/cosbench/issues/277#issuecomment-114772568.

[alebeta90]

and this one https://paste.fedoraproject.org/236085/43514147/ ??

[ywang19]

could u have a try on 0.4.2.c2? the 0.4.2.c1 has a bug which will break other than ceph.

[Ravi-Tripathi21]

I am facing the same issue with cosbench 0.4.1.0. Trying to configure it for S3 with https access. but its failing with below error-

2015-10-05 03:10:12,343 [ERROR] [S3Storage] - connection is created:id:78 2015-10-05 03:10:12,366 [INFO] [NoneStorage] - performing PUT at /mycontainers1 2015-10-05 03:10:16,704 [ERROR] [S3Storage] - ERROR:Unable to execute HTTP request: Connection to https://MYHOSTNAME refused.

My workload auth section is as below

auth - none config - none storage type="s3" config=accesskey=MYKEY secretkey=MYSECRETKEY endpoint=https://MYHOSTNAME path_style_access=true

I have to do in this format as the original format of the workload is getting uploaded here.

Please suggest.

[ywang19]

For the "peer not athenticated" error, one is to use http:// instead of https:// to choose http protocol if https is not your exepcted. or, if you really expect https, this link may help, the basic idea is you'd make self-signed certificate into JVM trust store before issuing requests. http://stackoverflow.com/questions/12961570/sslpeerunverifiedexception-peer-not-authenticated

in short, the steps are:

1.Run the following command, replace $ADDRESS with the URL, minus the "https://":

echo -n | openssl s_client -connect $ADDRESS:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$ADDRESS.cert

2.Run the following command, replace $ALIAS a short name for the key, $ADDRESS with the cert name from above, $PATH with the path to cacerts in your JRE.

sudo keytool -importcert -alias "$ALIAS" -file /tmp/$ADDRESS.cert -keystore $PATH/cacerts -storepass changeit