aaronhurt
commented
7 years ago @patcable Could you verify your certificates for me and make sure they are set for both serverAuth and clientAuth ... I'm not able to reproduce this locally.
Using latest release version ...
charlie:temp ahurt$ consul-backinator -v
1.4Skipping verification with no cert passed ...
charlie:temp ahurt$ consul-backinator backup -addr=test.dc1.consul:8080 -scheme=https -tls-skip-verify
2016/12/05 21:14:05 [Success] Backed up 521 keys from test.dc1.consul:8080/ to consul.bak
Keep your backup and signature files in a safe place.
You will need both to restore your data.Passing a cert without skipping verification ...
charlie:temp ahurt$ consul-backinator backup -addr=test.dc1.consul:8080 -scheme=https -ca-cert=/opt/consul/ssl/demo-root.cer
2016/12/05 21:14:26 [Success] Backed up 521 keys from test.dc1.consul:8080/ to consul.bak
Keep your backup and signature files in a safe place.
You will need both to restore your data.No skip and no cert ...
charlie:temp ahurt$ consul-backinator backup -addr=test.dc1.consul:8080 -scheme=https
2016/12/05 21:14:32 [Error] Failed to backup key data: Get https://test.dc1.consul:8080/v1/kv/?consistent=&recurse=: x509: certificate signed by unknown authority
Hi there,
I'm running into a TLS verification error using consul-backinator. When I run the following (with and without
-tls-skip-verify):What's interesting is that when I run:
Additionally, when I run
openssl s_clientI do get "Verify return code: 0 (ok)." I feel like the-ca-pathvariable is being ignored, because if I leave the-CAfileoption off openssl, I do get verification errors. Is there some way to get more verbose output out of consul-backinator?