how to configure cli trust store

[torstenstach]

>jfrog rt ping --url=https://artprod.issh.de/artifactory [Error] Get https://artprod.issh.de/artifactory/api/system/ping: x509: certificate signed by unknown authority how to configure the jfrog-cli trust store?

• is there a way to disable the check?
• where is the trust store?
• Can i add certificats to the trust store?

[eyalbe4]

@torstenstach, Here's you add your self signed certificates. Disabling the use of SSL certificates is currently not supported, but we're considering add it. Let us know if this helps.

[torstenstach]

No this does not help. under windows cli is unable to check the whole certificate chain. WORKAROUND: install the sub-ca certificate also as Trusted Root Certificate

Can you fix this?

[eyalbe4]

@torstenstach, Are you using the latest JFrog CLI version? (currently the latest version is 1.22.0). I'm asking because you may be affected by https://github.com/golang/go/issues/18609. The latest JFrog CLI release is built with Go 1.11, which should include this fix.

[torstenstach]

I have the same problem with version 1.22.0

[eyalbe4]

@torstenstach, Actually, we need to wait for this issue to be fixed - https://github.com/golang/go/issues/16736 I'm not sure there's anything we can do before it is fixed by go... We have tried to fix this in the past by adding https://github.com/jfrog/jfrog-client-go/blob/master/artifactory/auth/cert/sslutils_windows.go (runs for Windows only), but there's a chance this code is not perfect. I see no other option but waiting for the above issue to be fixed.

[moeHaydar]

I have the same problem, any news about this ?

[vdsbenoit]

+1

[kenden]

About: "is there a way to disable the check?" The option --insecure-tls was added recently: https://github.com/jfrog/jfrog-cli/blob/master/RELEASE.md#1351-mar-18-2020

[kenyon]

This link from https://github.com/jfrog/jfrog-cli/issues/277#issuecomment-440280090 is now broken and I'm really having a hard time finding the current location of documentation on using JFrog CLI with internal certificate authorities: https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory#CLIforJFrogArtifactory-UsingSelf-signedSSLCertificates

[emveee]

This link from #277 (comment) is now broken and I'm really having a hard time finding the current location of documentation on using JFrog CLI with internal certificate authorities: https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory#CLIforJFrogArtifactory-UsingSelf-signedSSLCertificates

https://web.archive.org/web/20191007071125/https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory

[larkoie]

FYI the issue is still existing in jfrog cli 2.52.9 (latest at the time of my comment). The bug https://github.com/golang/go/issues/16736 looks fixed (closed completed in november 2021)

Can somebody take a look at this now? Thanks

[mathieugouin]

I have version 2.71.0 of the cli.

I have exactly the same problem. To add more info, SSL works with curl -UseBasicParsing "https://artifactory.example.com/artifactory/api/system/ping" but not with jfrog rt ping.

I have installed my root CA certificate in my Docker image using:

• Import-Certificate -FilePath C:\my_cert.crt -CertStoreLocation Cert:\LocalMachine\Root
• manual copy to: ~/.jfrog/security. In my case it was: C:\Users\ContainerAdministrator\.jfrog\security

Any other clue?