jhaals / ansible-vault

Ansible lookup plugin for secrets stored in Vault (by HashiCorp)
BSD 3-Clause "New" or "Revised" License

CERTIFICATE_VERIFY_FAILED #46

Closed automaticgiant closed 7 years ago

automaticgiant commented 7 years ago

using a template like: {{ lookup('vault', 'pki/platform/any common_name=foo.example.com format=pem_bundle') }}

have set:

VAULT_ADDR=https://10.204.95.71:27003
VAULT_CAHOSTVERIFY=no
VAULT_SKIP_VERIFY=true

get:

fatal: [10.204.94.123]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleError: An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Unable to read pki/platform/any from vault: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>"}

automaticgiant commented 7 years ago

worked around by adding ssl._create_default_https_context = ssl._create_unverified_context to monkeypatch

jhaals commented 7 years ago

Sorry for the late reply. I'm not able to troubleshoot this problem. I don't run self-signed certificates for authentication to vault myself and I don't know which version of python/ansible/ansible-vault you are using. I will gladly review a pull request with a more detailed description on why this is happening and how to solve it.

Best, Johan
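
An added example, not part of the thread and not the plugin's own code: the monkeypatch in the workaround above replaces `ssl._create_default_https_context` for every HTTPS request the Ansible process makes, whereas the sketch below scopes the TLS decision to one opener used only for Vault. It assumes Python 3's `urllib.request`; `vault_ssl_context` and `vault_opener` are hypothetical names, `VAULT_CACERT` is the Vault CLI's CA-bundle variable (the page does not say whether the plugin reads it), and the truthy-value parsing of `VAULT_SKIP_VERIFY` is an assumption.

```python
import os
import ssl
import urllib.request

# Assumed set of values treated as "true" for VAULT_SKIP_VERIFY.
TRUTHY = {"1", "t", "true", "yes"}


def vault_ssl_context(environ=None):
    """Build an SSLContext that applies to Vault requests only."""
    env = os.environ if environ is None else environ
    if env.get("VAULT_SKIP_VERIFY", "").strip().lower() in TRUTHY:
        # Same effect as the workaround, but confined to this one object:
        # other HTTPS clients in the process keep verifying certificates.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be disabled before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    # Verification stays on. If VAULT_CACERT names a PEM bundle, only that
    # bundle is trusted; otherwise the system trust store is used.
    return ssl.create_default_context(cafile=env.get("VAULT_CACERT") or None)


def vault_opener(environ=None):
    """Return a urllib opener whose HTTPS handler uses the Vault context."""
    handler = urllib.request.HTTPSHandler(context=vault_ssl_context(environ))
    return urllib.request.build_opener(handler)


if __name__ == "__main__":
    # Constructed environments, no network access needed.
    for env in ({}, {"VAULT_SKIP_VERIFY": "true"}):
        ctx = vault_ssl_context(env)
        print(env, ctx.verify_mode, "check_hostname =", ctx.check_hostname)
```

With verification left on and `VAULT_ADDR` pointing at an IP address, as in the report, the server certificate must list that address as an IP subject alternative name or the hostname check fails even when the CA is trusted.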