Open ambition-consulting opened 4 years ago
/cc @quarkusio/devtools
11:07:48,943 [main] [INFO] --- quarkus-maven-plugin:1.5.0.Final:build (default) @ config-quickstart ---
11:07:51,162 [main] [WARNING] [io.quarkus.deployment.QuarkusAugmentor] Using Java versions older than 11 to build Quarkus applications is deprecated and will be disallowed in a future release!
11:07:51,702 [main] [INFO] [org.jboss.threads] JBoss Threads version 3.1.1.Final
11:07:52,623 [build-36] [WARNING] [io.quarkus.kubernetes.deployment.KubernetesProcessor] No registry was set for the container image, so 'ImagePullPolicy' is being force-set to 'IfNotPresent'.
[INFO] Checking for existing resources in: C:\Users\src\config-quickstart\src\main\kubernetes.
11:07:53,028 [build-32] [INFO] [io.quarkus.deployment.pkg.steps.JarResultBuildStep] Building thin jar: C:\Users\src\config-quickstart\target\config-quickstart-1.0-SNAPSHOT-runner.jar
11:07:53,857 [build-36] [INFO] [io.quarkus.kubernetes.deployment.KubernetesProcessor] Generated the Kubernetes manifests: '\kubernetes.yml,\kubernetes.json' in 'C:\Users\src\config-quickstart\target\kubernetes'
11:07:54,008 [build-26] [INFO] [io.quarkus.kubernetes.deployment.KubernetesDeploy] Kubernetes API Server at 'https://192.168.99.100:8443/' successfully contacted.
11:07:54,716 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerWorking] Docker daemon found. Version:'19.03.8'
11:07:54,734 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Building docker image for jar.
11:07:55,392 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Sending build context to Docker daemon 10.57MB
11:07:55,409 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor]
11:07:55,420 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Step 1/11 : FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
11:07:55,448 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> 91d23a64fdf2
11:07:55,463 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Step 2/11 : ARG JAVA_PACKAGE=java-11-openjdk-headless
11:07:55,493 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> Using cache
11:07:55,520 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> 5117ddec859b
11:07:55,548 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Step 3/11 : ARG RUN_JAVA_VERSION=1.3.8
11:07:55,564 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> Using cache
11:07:55,579 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> 87f637cd4953
11:07:55,596 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Step 4/11 : ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
11:07:55,614 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> Using cache
11:07:55,628 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> cd7d06f38b4a
11:07:55,643 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Step 5/11 : RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} && microdnf update && microdnf clean all && mkdir /deployments
&& chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
11:07:55,724 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] ---> Running in 01061fc0d63e
11:07:56,697 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor]
11:07:56,727 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] (process:6): librhsm-WARNING **: 09:07:49.472: Found 0 entitlement certificates
11:07:56,759 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor]
11:07:56,783 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] (process:6): librhsm-WARNING **: 09:07:49.480: Found 0 entitlement certificates
11:07:56,810 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor]
11:07:56,824 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] (process:6): libdnf-WARNING **: 09:07:49.483: Loading "/etc/dnf/dnf.conf": IniParser: Can't open file
11:07:56,871 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] Downloading metadata...
11:07:57,104 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] error: cannot update repo 'ubi-8-baseos': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
11:07:57,297 [build-15] [INFO] [io.quarkus.container.image.docker.deployment.DockerProcessor] The command '/bin/sh -c microdnf install curl ca-certificates ${JAVA_PACKAGE} && microdnf update && microdnf clean all && mkdir /deployments && chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security' returned a non-zero code: 1
11:07:57,389 [main] [INFO] ------------------------------------------------------------------------
11:07:57,400 [main] [INFO] BUILD FAILURE
11:07:57,405 [main] [INFO] ------------------------------------------------------------------------
Might relate to https://access.redhat.com/discussions/4524081
$ subscription-manager
-bash: subscription-manager: command not found`
This problem might go to Minikube instead? Maybe you could allow curl to work insecure for that one repository as a temporary solution?
Or maybe you should remove the dependency to red hat. I can't even reply in their forum, since that requires a subscription? wtf...
@maxandersen or @cescoffier do you have any idea what's going here?
that's new.
We shouldn't see our default community docker images depend on subscription manager. If we do that's a bug.
@ambition-consulting what base image are you using?
looks like whatever defualt we use.
Which is what surprise me since deploy minikube haven't been issue before.
I am not sure it's the default because when I tried minikube successfully multiple times and I don't have any sort subscription setup
@geoand I am using whatever ships with the newest Minikube v1.11.0 (released 12 days ago).
$ uname -a Linux minikube 4.19.107 #1 SMP Thu May 28 15:07:17 PDT 2020 x86_64 GNU/Linux
I am not sure, what your plusing is exactly using internally. I simply ssh'ed from Windows into the Minikube VM with "minikube ssh" and found the same problem with curl, that I found when executing your maven plugin from Windows.
Please let me know, how exactly I can provide you the missing information.
Also, tomorrow I will follow up a suggestion by the minikube team of using the docker-driver instead of the Virtualbox driver. I was assuming for the image to be the same, that's run with whatever driver, but maybe I am wrong.
Can you please try doing the following:
mvn clean package -DskipTests
docker build -f src/main/docker/Dockerfile.jvm -t quarkus/${project_artifactId}-jvm .
and paste the output?
It's weird. It's just going microdnf update which download stuff that is publically available behind proper Https URLs with certificates.
@geoand did you fail to reproduce on latest minikube or other version ?
Btw. "subscription" to comment is just developer.redhat.com which is free.
It's weird. It's just going microdnf update which download stuff that is publically available behind proper Https URLs with certificates.
@geoand did you fail to reproduce on latest minikube or other version ?
I am using 1.9.x, but let me try the latest
I just tested with the latest minikube
(minikube version: v1.11.0
) and with a brand new Quarkus project created using 1.5.0.Final
and the quarkus-minikube
and quarkus-container-image-docker
extensions.
eval $(minikube -p minikube docker-env)
mvn clean package -DskipTests -Dquarkus.kubernetes.deploy=true
worked flawlesly.
@geoand same problem:
C:\Users\src\config-quickstart
λ mvn clean package -DskipTests
15:14:44,659 [main] [INFO] Scanning for projects...
15:14:44,807 [main] [INFO]
15:14:44,811 [main] [INFO] ---------------------< org.acme:config-quickstart >---------------------
15:14:44,824 [main] [INFO] Building config-quickstart 1.0-SNAPSHOT
15:14:44,835 [main] [INFO] --------------------------------[ jar ]---------------------------------
15:14:46,192 [main] [INFO]
15:14:46,200 [main] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ config-quickstart ---
15:14:46,280 [main] [INFO] Deleting C:\Users\src\config-quickstart\target
15:14:46,375 [main] [INFO]
15:14:46,378 [main] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ config-quickstart ---
15:14:46,531 [main] [INFO] Using 'UTF-8' encoding to copy filtered resources.
15:14:46,546 [main] [INFO] Copying 2 resources
15:14:46,569 [main] [INFO]
15:14:46,573 [main] [INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ config-quickstart ---
15:14:46,916 [main] [INFO] Changes detected - recompiling the module!
15:14:46,934 [main] [INFO] Compiling 1 source file to C:\Users\src\config-quickstart\target\classes
15:14:47,581 [main] [INFO]
15:14:47,585 [main] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ config-quickstart ---
15:14:47,614 [main] [INFO] Using 'UTF-8' encoding to copy filtered resources.
15:14:47,626 [main] [INFO] skip non existing resourceDirectory C:\Users\src\config-quickstart\src\test\resources
15:14:47,646 [main] [INFO]
15:14:47,663 [main] [INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ config-quickstart ---
15:14:47,756 [main] [INFO] Changes detected - recompiling the module!
15:14:47,780 [main] [INFO] Compiling 2 source files to C:\Users\src\config-quickstart\target\test-classes
15:14:48,251 [main] [INFO]
15:14:48,254 [main] [INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ config-quickstart ---
15:14:48,705 [main] [INFO] Tests are skipped.
15:14:48,711 [main] [INFO]
15:14:48,714 [main] [INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ config-quickstart ---
15:14:48,886 [main] [INFO] Building jar: C:\Users\src\config-quickstart\target\config-quickstart-1.0-SNAPSHOT.jar
15:14:48,921 [main] [INFO]
15:14:48,926 [main] [INFO] --- quarkus-maven-plugin:1.5.0.Final:build (default) @ config-quickstart ---
15:14:51,446 [main] [WARNING] [io.quarkus.deployment.QuarkusAugmentor] Using Java versions older than 11 to build Quarkus applications is deprecated and will be disallowed in a future release!
15:14:52,115 [main] [INFO] [org.jboss.threads] JBoss Threads version 3.1.1.Final
15:14:53,252 [build-41] [WARNING] [io.quarkus.kubernetes.deployment.KubernetesProcessor] No registry was set for the container image, so 'ImagePullPolicy' is being force-set to 'IfNotPresent'.
[INFO] Checking for existing resources in: C:\Users\src\config-quickstart\src\main\kubernetes.
15:14:53,681 [build-13] [INFO] [io.quarkus.deployment.pkg.steps.JarResultBuildStep] Building thin jar: C:\Users\src\config-quickstart\target\config-quickstart-1.0-SNAPSHOT-runner.jar
15:14:54,660 [build-41] [INFO] [io.quarkus.kubernetes.deployment.KubernetesProcessor] Generated the Kubernetes manifests: '\minikube.json,\kubernetes.yml,\kubernetes.json,\minikube.yml' in 'C:\Users\src\config-quickstart\target\kubernetes'
15:14:54,750 [main] [INFO] [io.quarkus.deployment.QuarkusAugmentor] Quarkus augmentation completed in 3282ms
15:14:54,779 [main] [INFO] ------------------------------------------------------------------------
15:14:54,794 [main] [INFO] BUILD SUCCESS
15:14:54,800 [main] [INFO] ------------------------------------------------------------------------
15:14:54,823 [main] [INFO] Total time: 10.194 s
15:14:54,830 [main] [INFO] Finished at: 2020-06-12T15:14:54+02:00
15:14:54,838 [main] [INFO] ------------------------------------------------------------------------
C:\Users\src\config-quickstart
λ docker build -f src/main/docker/Dockerfile.jvm -t quarkus/config-quickstart-jvm .
Sending build context to Docker daemon 10.57MB
Step 1/11 : FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
Get https://registry.access.redhat.com/v2/: x509: certificate signed by unknown authority
C:\Users\src\config-quickstart
λ minikube start
* minikube v1.11.0 auf Microsoft Windows 7 Enterprise Service Pack 1 6.1.7601 Build 7601
- MINIKUBE_ACTIVE_DOCKERD=minikube
* Automatically selected the virtualbox driver
* Starting control plane node minikube in cluster minikube
* Creating virtualbox VM (CPUs=2, Memory=4000MB, Disk=20000MB) ...
* Gefundene Netzwerkoptionen:
- NO_PROXY=192.168.99.100
- no_proxy=192.168.99.100
! This VM is having trouble accessing https://k8s.gcr.io
* To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
* Vorbereiten von Kubernetes v1.18.3 auf Docker 19.03.8...
- env NO_PROXY=192.168.99.100
* Verifying Kubernetes components...
* Enabled addons: default-storageclass, storage-provisioner
* Done! kubectl is now configured to use "minikube"
C:\Users\src\config-quickstart
λ minikube docker-env
SET DOCKER_TLS_VERIFY=1
SET DOCKER_HOST=tcp://192.168.99.101:2376
SET DOCKER_CERT_PATH=C:\Users\.minikube\certs
SET MINIKUBE_ACTIVE_DOCKERD=minikube
REM To point your shell to minikube's docker-daemon, run:
REM @FOR /f "tokens=*" %i IN ('minikube -p minikube docker-env') DO @%i
C:\Users\src\config-quickstart
λ SET DOCKER_HOST=tcp://192.168.99.101:2376
C:\Users\src\config-quickstart
λ SET DOCKER_CERT_PATH=C:\Users\.minikube\certs
C:\Users\src\config-quickstart
λ SET MINIKUBE_ACTIVE_DOCKERD=minikube
C:\Users\src\config-quickstart
λ @FOR /f "tokens=*" %i IN ('minikube -p minikube docker-env') DO @%i
C:\Users\src\config-quickstart
λ docker build -f src/main/docker/Dockerfile.jvm -t quarkus/config-quickstart-jvm .
Sending build context to Docker daemon 10.57MB
Step 1/11 : FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
8.1: Pulling from ubi8/ubi-minimal
b26afdf22be4: Pull complete
218f593046ab: Pull complete
Digest: sha256:df6f9e5d689e4a0b295ff12abc6e2ae2932a1f3e479ae1124ab76cf40c3a8cdd
Status: Downloaded newer image for registry.access.redhat.com/ubi8/ubi-minimal:8.1
---> 91d23a64fdf2
Step 2/11 : ARG JAVA_PACKAGE=java-11-openjdk-headless
---> Running in 93a95849570c
Removing intermediate container 93a95849570c
---> c20281c063e9
Step 3/11 : ARG RUN_JAVA_VERSION=1.3.8
---> Running in ce9ad07ab063
Removing intermediate container ce9ad07ab063
---> 2da4b0407790
Step 4/11 : ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
---> Running in 185ac37dcfdd
Removing intermediate container 185ac37dcfdd
---> 2912b3b2e039
Step 5/11 : RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} && microdnf update && microdnf clean all && mkdir /deployments && chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
---> Running in 4f474b407a64
(process:8): librhsm-WARNING **: 13:20:46.195: Found 0 entitlement certificates
(process:8): librhsm-WARNING **: 13:20:46.199: Found 0 entitlement certificates
(process:8): libdnf-WARNING **: 13:20:46.200: Loading "/etc/dnf/dnf.conf": IniParser: Can't open file
Downloading metadata...
error: cannot update repo 'ubi-8-baseos': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
The command '/bin/sh -c microdnf install curl ca-certificates ${JAVA_PACKAGE} && microdnf update && microdnf clean all && mkdir /deployments && chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security' returned a non-zero code: 1
Please note, that before my environment was set up for docker-machine, where I have not yet downloaded the required certificates for registry.access.redhat.com.
Also, I recently had quarkus-kubernetes extension running, but replacing that with quarkus-minikube extension did not help either.
Also, we are behind a fairly annoying bluecoat proxy - not sure if that is a problem with https://cdn-ubi.redhat.com/
Question, what is this about?
(process:6): librhsm-WARNING **: 13:28:02.739: Found 0 entitlement certificates
(process:6): librhsm-WARNING **: 13:28:02.743: Found 0 entitlement certificates
(process:6): libdnf-WARNING **: 13:28:02.744: Loading "/etc/dnf/dnf.conf": IniParser: Can't open file
And regarding the redhat forum - I have registered and logged in, but cannot write, maybe because it is labelled Red Hat Enterprise Linux? No idea, but I cannot respond and contribute.
Also, changing the driver to docker driver did not work - probably because I cannot run docker in elevated mode... so I am back to Virtualbox.
Adding to the Dockerfile
RUN curl https://www.google.dom --insecure
results in
Sending build context to Docker daemon 10.57MB
Step 1/13 : FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
---> 91d23a64fdf2
Step 2/13 : ARG JAVA_PACKAGE=java-11-openjdk-headless
---> Using cache
---> c20281c063e9
Step 3/13 : ARG RUN_JAVA_VERSION=1.3.8
---> Using cache
---> 2da4b0407790
Step 4/13 : ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
---> Using cache
---> 2912b3b2e039
Step 5/13 : RUN curl https://www.google.dom --insecure
---> Running in a30344cc2f92
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: www.google.dom
The command '/bin/sh -c curl https://www.google.dom --insecure' returned a non-zero code: 6
So I guess maybe it's about connectivity in general.
Or maybe not, I am confused:
C:\Users\src\config-quickstart
λ minikube ssh
_ _
_ _ ( ) ( )
___ ___ (_) ___ (_)| |/') _ _ | |_ __
/' _ ` _ `\| |/' _ `\| || , < ( ) ( )| '_`\ /'__`\
| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )( ___/
(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____)
$ curl www.google.com
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="b9+u8lQxjDCE2WJaHeq80Q==">(function(){window.google={kEI:'AZTjXsmlJ8KprgT2m5Yo',kEXPI:'0,202123,3,4,32,1151585,5662,730,224,3656,1448,207,1245,1959,10,1226,364,1499,576,241,383,246,5,1306,48,554,1140,1217,718,249,3,134,142,68,72,74,43,3,347,379,1122623,1197704,445,78,11,329029,1294,12383,4855,32691,15248,867,28684,9188,8384,4859,1361,9290,3022,2822,1924,6,11027,1808,4020,978,4788,1,3142,5297,2054,920,873,1217,5760,3645,1142,7861,2303,3221,4517,2778,919,2277,8,2796,1593,1279,2212,530,149,1943,517,1466,58,790,3466,312,1135,1,3,2063,606,1839,184,1777,143,377,1946,1031,1,1198,94,327,1284,16,2927,2247,473,1339,748,1039,603,2624,1990,855,9,5597,469,6286,4455,641,2449,2459,1226,1743,3654,1274,108,591,2816,908,2,940,973,1642,2397,2896,2523,916,1135,1,839,1337,666,432,3,346,1200,865,1,372,3545,707,148,189,1667,1645,503,1,1986,27,130,1,2093,1496,496,463,1487,
...
Adding the intercepting proxy PEM to minikube trusted certs did not help.
Changed my Dockerfile to using UBI base with subscription, now I got
C:\Users\src\config-quickstart
λ docker build -f src/main/docker/Dockerfile.jvm -t quarkus/config-quickstart-jvm .
Sending build context to Docker daemon 10.59MB
Step 1/12 : FROM registry.access.redhat.com/ubi8/ubi:8.1
---> 8121a9f5303b
Step 2/12 : ARG JAVA_PACKAGE=java-11-openjdk-headless
---> Using cache
---> bef1068e750f
Step 3/12 : ARG RUN_JAVA_VERSION=1.3.8
---> Using cache
---> 0eb8bcddca7f
Step 4/12 : RUN subscription-manager register --username ambition.consulting --password whatever --auto-attach
---> Running in 6559b3d28482
Registering to: subscription.rhsm.redhat.com:443/subscription
The system has been registered with ID: 826b4a35-af05-4d9f-921b-29b5b1de9245
The registered system name is: c6feedc4030e
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64
Status: Subscribed
Removing intermediate container 6559b3d28482
---> 198bf991e4ce
Step 5/12 : ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
---> Running in 3b5a433fe473
Removing intermediate container 3b5a433fe473
---> 53837a38f2e4
Step 6/12 : RUN yum install curl ca-certificates ${JAVA_PACKAGE} --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos && yum update && yum clean all && mkdir /deployments && chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
---> Running in b8d3583f4f45
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStre 1.9 MB/s | 18 MB 00:09
Red Hat Enterprise Linux 8 for x86_64 - BaseOS 2.0 MB/s | 18 MB 00:09
Red Hat Universal Base Image 8 (RPMs) - BaseOS 0.0 B/s | 0 B 00:00
Failed to set locale, defaulting to C.UTF-8
Failed to download metadata for repo 'ubi-8-baseos'
Error: Failed to download metadata for repo 'ubi-8-baseos'
The command '/bin/sh -c yum install curl ca-certificates ${JAVA_PACKAGE} --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos && yum update && yum clean all && mkdir /deployments && chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security' returned a non-zero code: 1
Red Hat Enterprise Linux 8 for x86_64 - BaseOS 2.0 MB/s | 18 MB 00:09
Success.
Red Hat Universal Base Image 8 (RPMs) - BaseOS 0.0 B/s | 0 B 00:00
Failure.
What is so special about this image?
I still haven't been able to reproduce any of that.
@maxandersen if you could give it a quick spin when you get a chance it would be great
On Fri, Jun 12, 2020, 18:40 John-Paul Cunliffe notifications@github.com wrote:
Changed my Dockerfile to using UBI base with subscription, now I got
C:\Users\src\config-quickstart
λ docker build -f src/main/docker/Dockerfile.jvm -t quarkus/config-quickstart-jvm .
Sending build context to Docker daemon 10.59MB
Step 1/12 : FROM registry.access.redhat.com/ubi8/ubi:8.1
---> 8121a9f5303b
Step 2/12 : ARG JAVA_PACKAGE=java-11-openjdk-headless
---> Using cache
---> bef1068e750f
Step 3/12 : ARG RUN_JAVA_VERSION=1.3.8
---> Using cache
---> 0eb8bcddca7f
Step 4/12 : RUN subscription-manager register --username ambition.consulting --password whatever --auto-attach
---> Running in 6559b3d28482
Registering to: subscription.rhsm.redhat.com:443/subscription
The system has been registered with ID: 826b4a35-af05-4d9f-921b-29b5b1de9245
The registered system name is: c6feedc4030e
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64
Status: Subscribed
Removing intermediate container 6559b3d28482
---> 198bf991e4ce
Step 5/12 : ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
---> Running in 3b5a433fe473
Removing intermediate container 3b5a433fe473
---> 53837a38f2e4
Step 6/12 : RUN yum install curl ca-certificates ${JAVA_PACKAGE} --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos && yum update && yum clean all && mkdir /deployments && chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
---> Running in b8d3583f4f45
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStre 1.9 MB/s | 18 MB 00:09
Red Hat Enterprise Linux 8 for x86_64 - BaseOS 2.0 MB/s | 18 MB 00:09
Red Hat Universal Base Image 8 (RPMs) - BaseOS 0.0 B/s | 0 B 00:00
Failed to set locale, defaulting to C.UTF-8
Failed to download metadata for repo 'ubi-8-baseos'
Error: Failed to download metadata for repo 'ubi-8-baseos'
The command '/bin/sh -c yum install curl ca-certificates ${JAVA_PACKAGE} --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos && yum update && yum clean all && mkdir /deployments && chown 1001 /deployments && chmod "g+rwX" /deployments && chown 1001:root /deployments && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && chown 1001 /deployments/run-java.sh && chmod 540 /deployments/run-java.sh && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security' returned a non-zero code: 1
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/quarkusio/quarkus/issues/9893#issuecomment-643341238, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABBMDP2NLCDSHJIYL656V53RWJD73ANCNFSM4NZVXRCA .
Ok, finally I found the solution....
As suspected, our SSL intercepting proxy is causing a problem again - and just adding it to the Linux Virtualbox host was not enough for the isolated docker container underneath accepting it. By copying the intercepting SSL PEM inside registry.access.redhat.com/ubi8/ubi:8.1 image to /etc/pki/ca-trust/source/anchors/, and running update-ca-trust, curl will now now longer mind the sniffing proxy and just works:
[root@0fa71125f5bd /]# yum install curl
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 2.6 MB/s | 18 MB 00:06
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 1.9 MB/s | 18 MB 00:09
Red Hat Universal Base Image 8 (RPMs) - BaseOS 552 kB/s | 766 kB 00:01
Red Hat Universal Base Image 8 (RPMs) - AppStream 1.3 MB/s | 3.8 MB 00:02
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder 9.1 kB/s | 11 kB 00:01
Package curl-7.61.1-12.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
In case you are also targeting big companies, which often use this kind of intercepting proxy, then I highly recommend some sort of automatism for intercepting proxies.
Or maybe there already is?
Thanks for the excellent analysis!
We indeed need to look into how to make things easier on that front
thanks for figuring out the issue and coming back. I just want to make sure I understood it right; your problem was caused by a proxy/firewall that rewrites/rewires the certifictates using non-trustable certificates - thus the error is actually correct (as there are basically a man-in-the-middle-attack ?
And your (valid) solution is to burn into the image the keys of the proxy/firewall making the image explicitly trust this resource ?
If I grok it right; you would have the exact same issue if your docker file or even app would need to access any other https resource on the internet ? is that true?
(and yes, we definitely should make sure to document/make it easier - but just want to be sure to identify the scale of the issue - i.e. if unqiue for red hat servers or in general (almost) any https access you want to do ...I highly suspect the latter)
@maxandersen you are right, except that for some unknown reason many other downloads had no problem with the man-in-the-middle attack before the abovementioned URL. I can try to get some ssl debug/trace message on from the VM with/without the trusted certificate.
Please note the different verify codes below. I do not know what most of this means, but clearly there is a fundamental difference between downloads where the inception works, and those where it does not. Personally I wouldn't be suprised, if cdn-ubi.redhat.com and cdn.redhat.com have different "SSL policies" - meaning the former does not accept the interception, whereas the latter does.
docker run -it frapsoft/openssl s_client -connect cdn-ubi.redhat.com:443 -prexit
CONNECTED(00000003)
depth=2 C = US, O = "Blue Coat Systems, Inc.", CN = Cloud Services CA - G2
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./CN=*.redhat.com
i:/C=US/O=Cloud Services/OU=Operations/CN=SSL-SG1-GDEFR3
1 s:/C=US/O=Cloud Services/OU=Operations/CN=SSL-SG1-GDEFR3
i:/C=US/O=Blue Coat Systems, Inc./CN=Cloud Services CA - G2
2 s:/C=US/O=Blue Coat Systems, Inc./CN=Cloud Services CA - G2
i:/C=US/O=BlueCoat Systems, Inc./CN=Cloud Services Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIIKhbXBAAAAAAwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxFzAVBgNVBAoMDkNsb3VkIFNlcnZpY2VzMRMwEQYDVQQLDApPcGVyYXRp
b25zMRcwFQYDVQQDDA5TU0wtU0cxLUdERUZSMzAeFw0yMDAxMTMwMDAwMDBaFw0y
MTA0MTMxMjAwMDBaMGcxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJv
bGluYTEQMA4GA1UEBxMHUmFsZWlnaDEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjEV
MBMGA1UEAwwMKi5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0sgfXZ5R+TchYhigWguR8UuHqVOuHuQn91wAPMECj/+dhFMVgtroZMs0
bVG2adhrZsyOLdW28qUQw/ICgChakAINDAbQmXQzbXumA1ozY4qJmxB57BisVsUQ
/FzEbf5giE/Uv3Bu7LLYkMhuPP8u8T6KjJ9rx892PtUQJe3XSnOaVolsvXELBPbO
ezKuuh3oDhfzBiy0hmULWoms6gTzHQiE/on/BwcoIclmDyDQLQ8NrKsoiUkmzGwD
ZOPb/roYDQ5Q+f0CesVPlFLO0pa4bDUJ0eeFYQuf20MiGcRBojlR1XRgymMb0sjQ
cZ83NL3KM6PghxlFoRGqp3/M/n/J2wIDAQABo4IBODCCATQwCQYDVR0TBAIwADAL
BgNVHQ8EBAMCBeAwHwYDVR0jBBgwFoAUd7qRmCUTT+zWm9HLN+QCCZj+PxcwIwYD
VR0RBBwwGoIMKi5yZWRoYXQuY29tggpyZWRoYXQuY29tMF8GCWCGSAGG+EIBDQRS
FlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNCREMzOTcwQkphbiAxMyAwMDowMDow
MCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAyMDIxIEdNVDBzBgNVHSAEbDBqMGgG
BFUdIAAwYDBeBggrBgEFBQcCAjBSGlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNC
REMzOTcwQkphbiAxMyAwMDowMDowMCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAy
MDIxIEdNVDANBgkqhkiG9w0BAQsFAAOCAQEAVGf8A39Sb1GrY107RjXgHkcIMjLS
TsntiI3aesYZl39CqRk2az+JM9b21LKFnCy+PRV0FBLHV7s37BvRRadl+R6gLopT
WAdFiT+VtPi5H7gWf+glHPKnnFrgxpCII1EkF6712p5yiN8am0TfoaI61RnsgcoR
a2//XULyavLN2gKfPQZvTXo9taXVH9r68uRojw/xNdUCC5GtdXeVkRlrGwdo8E8C
pfLUtxIBVezOVfRmGRWUtHcQpT/kKNiBT7XpSv+KtF5Rz9kLrHGnDmCn7YVUjAA6
WCprqs9n5ufx/pxHaUbRlyFBz/9kk1ZEA/aGV8LXAuuKtAPThNS/dHXnhQ==
-----END CERTIFICATE-----
subject=/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./CN=*.redhat.com
issuer=/C=US/O=Cloud Services/OU=Operations/CN=SSL-SG1-GDEFR3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3855 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 3B7CCD391A170C80990917972C70F35B8887C19C28F8E0E8281E757FD4CAA209
Session-ID-ctx:
Master-Key: 0CBD8379B6A8CCD5F28BA2CDA018EA9BEE7B7054F4AFC2C3384040B8F8A255F59B42BC11CAB9BB1EFA94938ABAE0FAAE
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1592225447
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
read:errno=0
---
Certificate chain
0 s:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./CN=*.redhat.com
i:/C=US/O=Cloud Services/OU=Operations/CN=SSL-SG1-GDEFR3
1 s:/C=US/O=Cloud Services/OU=Operations/CN=SSL-SG1-GDEFR3
i:/C=US/O=Blue Coat Systems, Inc./CN=Cloud Services CA - G2
2 s:/C=US/O=Blue Coat Systems, Inc./CN=Cloud Services CA - G2
i:/C=US/O=BlueCoat Systems, Inc./CN=Cloud Services Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIIKhbXBAAAAAAwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxFzAVBgNVBAoMDkNsb3VkIFNlcnZpY2VzMRMwEQYDVQQLDApPcGVyYXRp
b25zMRcwFQYDVQQDDA5TU0wtU0cxLUdERUZSMzAeFw0yMDAxMTMwMDAwMDBaFw0y
MTA0MTMxMjAwMDBaMGcxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJv
bGluYTEQMA4GA1UEBxMHUmFsZWlnaDEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjEV
MBMGA1UEAwwMKi5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0sgfXZ5R+TchYhigWguR8UuHqVOuHuQn91wAPMECj/+dhFMVgtroZMs0
bVG2adhrZsyOLdW28qUQw/ICgChakAINDAbQmXQzbXumA1ozY4qJmxB57BisVsUQ
/FzEbf5giE/Uv3Bu7LLYkMhuPP8u8T6KjJ9rx892PtUQJe3XSnOaVolsvXELBPbO
ezKuuh3oDhfzBiy0hmULWoms6gTzHQiE/on/BwcoIclmDyDQLQ8NrKsoiUkmzGwD
ZOPb/roYDQ5Q+f0CesVPlFLO0pa4bDUJ0eeFYQuf20MiGcRBojlR1XRgymMb0sjQ
cZ83NL3KM6PghxlFoRGqp3/M/n/J2wIDAQABo4IBODCCATQwCQYDVR0TBAIwADAL
BgNVHQ8EBAMCBeAwHwYDVR0jBBgwFoAUd7qRmCUTT+zWm9HLN+QCCZj+PxcwIwYD
VR0RBBwwGoIMKi5yZWRoYXQuY29tggpyZWRoYXQuY29tMF8GCWCGSAGG+EIBDQRS
FlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNCREMzOTcwQkphbiAxMyAwMDowMDow
MCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAyMDIxIEdNVDBzBgNVHSAEbDBqMGgG
BFUdIAAwYDBeBggrBgEFBQcCAjBSGlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNC
REMzOTcwQkphbiAxMyAwMDowMDowMCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAy
MDIxIEdNVDANBgkqhkiG9w0BAQsFAAOCAQEAVGf8A39Sb1GrY107RjXgHkcIMjLS
TsntiI3aesYZl39CqRk2az+JM9b21LKFnCy+PRV0FBLHV7s37BvRRadl+R6gLopT
WAdFiT+VtPi5H7gWf+glHPKnnFrgxpCII1EkF6712p5yiN8am0TfoaI61RnsgcoR
a2//XULyavLN2gKfPQZvTXo9taXVH9r68uRojw/xNdUCC5GtdXeVkRlrGwdo8E8C
pfLUtxIBVezOVfRmGRWUtHcQpT/kKNiBT7XpSv+KtF5Rz9kLrHGnDmCn7YVUjAA6
WCprqs9n5ufx/pxHaUbRlyFBz/9kk1ZEA/aGV8LXAuuKtAPThNS/dHXnhQ==
-----END CERTIFICATE-----
subject=/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./CN=*.redhat.com
issuer=/C=US/O=Cloud Services/OU=Operations/CN=SSL-SG1-GDEFR3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3855 bytes and written 464 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 3B7CCD391A170C80990917972C70F35B8887C19C28F8E0E8281E757FD4CAA209
Session-ID-ctx:
Master-Key: 0CBD8379B6A8CCD5F28BA2CDA018EA9BEE7B7054F4AFC2C3384040B8F8A255F59B42BC11CAB9BB1EFA94938ABAE0FAAE
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1592225447
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
docker run -it frapsoft/openssl s_client -connect cdn.redhat.com:443 -prexit
CONNECTED(00000003)
depth=2 C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=cdn.redhat.com
i:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
1 s:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
2 s:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF9zCCA9+gAwIBAgICAdowDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT
MRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEWMBQGA1UECgwNUmVkIEhhdCwgSW5j
LjEYMBYGA1UECwwPUmVkIEhhdCBOZXR3b3JrMTEwLwYDVQQDDChSZWQgSGF0IEVu
dGl0bGVtZW50IE9wZXJhdGlvbnMgQXV0aG9yaXR5MSQwIgYJKoZIhvcNAQkBFhVj
YS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMTkxMjA1MTIyOTM2WhcNMjIxMjA0MTIy
OTM2WjBxMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAU
BgNVBAoMDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEX
MBUGA1UEAwwOY2RuLnJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQC3rUXhLHDRJUTZ0zMOB7tFN9SfEORhWXc4f2imNk+BaPq9XklgkkQi
nZH5RpfgaGd6LW9crqq8FbU+UQocY73PAo/t8rJ26Ol9O+8pG1R6oeClhwWKYvaN
iB6kDC1W+Squ9L8MGWsWAKzXwZ+FW2FNzyanLaX7Yxw5r+4B6oTxvakXFQIzecBh
Tbw8BKNU+mWQpnMoZ6q2EO5TdOyiakG/flAXDQMWhfhbkswYXYNPleyPqBdH9ZqF
mKvzo3+d5xpCggkXJ7PTTSbC+EzLSUlVnA42RvBgtpNi+E8lu/q+e8GFKULVaipG
2YCqnD2Wf269T/eI1SLUWxhpWXAjEiHjUMoRWhOoVVSzkuyOkDf+DPt6cor4IwgF
lZ/tAMdykQDXdR2sTC2wslsS8+X5qYpyu+VqiRYx6eLJPTDOdnRUGlOCPVT+mUth
x7Xab+wDYQxL38EPtiX1/5ttZvCxQohR3t46ezF/Ugu/T1A/EpkINDe0lWFKxWhw
c9MEUPHPNUfzUBMTQJehsPiLLvXuWbE8Y2xqA2uZgplJvDoGuhlQi1rR8YgpLzeN
RAX+RrzxLv0v7p8Cl51amwPpgcZtbBxUB6cxhxkaNULB9jeqNd7Pd+enhXwCS4oZ
Cjfjl2o5GtNAqy8UDqG+zP7OqtiAiswiSx0vAO8LBxUEwR0W63VUWwIDAQABo1gw
VjATBgNVHSUEDDAKBggrBgEFBQcDATA/BgNVHREEODA2gg5jZG4ucmVkaGF0LmNv
bYIPY2RuNi5yZWRoYXQuY29tghNzdGFnZWNkbi5yZWRoYXQuY29tMA0GCSqGSIb3
DQEBCwUAA4ICAQCLsHMAFIxlqFke2E+90Kvm/zW5NamQsdiZVGBpC8hXrsCekra9
pCMwuy4HXQWgisRqaxeNr14PuNHxmKC5ZIkFfhy0flSobUJ31D9tLBNxo5WXNY+f
9wy2SmOJYH9Tlibj4+uOwIxC5HtJD0gs+HBvmsOBXvFGJLi2aTRxWWqLryfIq4GE
bwCErF7002FT3hT5TfRZVAXEr85RU3PLpGYR5RS4u1HOnd3p6A6zJ71ZBjL/fATl
ps1LHwNxyR1I4nzR2B3TDE87ivjPb8khPu5qFBlYJ8Ral4xEqo6LqsleJUXHUiXN
03iuN9J+rJMHBV/jOZWwK5Gg/dR88DvYVzuiHOrw1cMqebAUYcnPzj/++8SrfAPP
4q5+zUGKhGKcS1RgwzW2xW6qAW8e6SyJHK7hfqnzvX+AV6QRv7Pm1581W9JOBGKQ
PljPMLluDnIQy28QZKkI25pqXsG4qxHF0G6OBPQbCvURpYNEYa00do4dvQUjny9C
Wryr6kCQEGVXcPcSt/8H7GduEPTSbpDAHunBRE6i+l6yEv0mGYml1l97RJ99Rt5/
iOIiimWvqVSHjbxZvqxQgfe8z5aKMlDedakfRYz9LM4/ZB/qVub40HcBW/+A5as3
MhHGYJUOsYPhOrk3WlX2VF2KeHXhFG58KsQ+fI4ie67XQtstn4iAfRv4Tw==
-----END CERTIFICATE-----
subject=/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=cdn.redhat.com
issuer=/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
---
Acceptable client certificate CA names
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Candlepin Authority/emailAddress=ca-support@redhat.com
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:0x07+0x08:0x08+0x08:0x09+0x08:0x0A+0x08:0x0B+0x08:0x04+0x08:0x05+0x08:0x06+0x08:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6453 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: A8F86BCE76E242AA9019A51161DA13F65FAFD106D7C13D5F0F195235295B76F4
Session-ID-ctx:
Master-Key: C60426A34F0D1115D64C66E040292FB2072443643A6E2B8D8571F32F4D4F37F941040AE718254B8F83D7798548875A6C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1592225375
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
closed
---
Certificate chain
0 s:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=cdn.redhat.com
i:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
1 s:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
2 s:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF9zCCA9+gAwIBAgICAdowDQYJKoZIhvcNAQELBQAwgbExCzAJBgNVBAYTAlVT
MRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEWMBQGA1UECgwNUmVkIEhhdCwgSW5j
LjEYMBYGA1UECwwPUmVkIEhhdCBOZXR3b3JrMTEwLwYDVQQDDChSZWQgSGF0IEVu
dGl0bGVtZW50IE9wZXJhdGlvbnMgQXV0aG9yaXR5MSQwIgYJKoZIhvcNAQkBFhVj
YS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMTkxMjA1MTIyOTM2WhcNMjIxMjA0MTIy
OTM2WjBxMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAU
BgNVBAoMDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEX
MBUGA1UEAwwOY2RuLnJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQC3rUXhLHDRJUTZ0zMOB7tFN9SfEORhWXc4f2imNk+BaPq9XklgkkQi
nZH5RpfgaGd6LW9crqq8FbU+UQocY73PAo/t8rJ26Ol9O+8pG1R6oeClhwWKYvaN
iB6kDC1W+Squ9L8MGWsWAKzXwZ+FW2FNzyanLaX7Yxw5r+4B6oTxvakXFQIzecBh
Tbw8BKNU+mWQpnMoZ6q2EO5TdOyiakG/flAXDQMWhfhbkswYXYNPleyPqBdH9ZqF
mKvzo3+d5xpCggkXJ7PTTSbC+EzLSUlVnA42RvBgtpNi+E8lu/q+e8GFKULVaipG
2YCqnD2Wf269T/eI1SLUWxhpWXAjEiHjUMoRWhOoVVSzkuyOkDf+DPt6cor4IwgF
lZ/tAMdykQDXdR2sTC2wslsS8+X5qYpyu+VqiRYx6eLJPTDOdnRUGlOCPVT+mUth
x7Xab+wDYQxL38EPtiX1/5ttZvCxQohR3t46ezF/Ugu/T1A/EpkINDe0lWFKxWhw
c9MEUPHPNUfzUBMTQJehsPiLLvXuWbE8Y2xqA2uZgplJvDoGuhlQi1rR8YgpLzeN
RAX+RrzxLv0v7p8Cl51amwPpgcZtbBxUB6cxhxkaNULB9jeqNd7Pd+enhXwCS4oZ
Cjfjl2o5GtNAqy8UDqG+zP7OqtiAiswiSx0vAO8LBxUEwR0W63VUWwIDAQABo1gw
VjATBgNVHSUEDDAKBggrBgEFBQcDATA/BgNVHREEODA2gg5jZG4ucmVkaGF0LmNv
bYIPY2RuNi5yZWRoYXQuY29tghNzdGFnZWNkbi5yZWRoYXQuY29tMA0GCSqGSIb3
DQEBCwUAA4ICAQCLsHMAFIxlqFke2E+90Kvm/zW5NamQsdiZVGBpC8hXrsCekra9
pCMwuy4HXQWgisRqaxeNr14PuNHxmKC5ZIkFfhy0flSobUJ31D9tLBNxo5WXNY+f
9wy2SmOJYH9Tlibj4+uOwIxC5HtJD0gs+HBvmsOBXvFGJLi2aTRxWWqLryfIq4GE
bwCErF7002FT3hT5TfRZVAXEr85RU3PLpGYR5RS4u1HOnd3p6A6zJ71ZBjL/fATl
ps1LHwNxyR1I4nzR2B3TDE87ivjPb8khPu5qFBlYJ8Ral4xEqo6LqsleJUXHUiXN
03iuN9J+rJMHBV/jOZWwK5Gg/dR88DvYVzuiHOrw1cMqebAUYcnPzj/++8SrfAPP
4q5+zUGKhGKcS1RgwzW2xW6qAW8e6SyJHK7hfqnzvX+AV6QRv7Pm1581W9JOBGKQ
PljPMLluDnIQy28QZKkI25pqXsG4qxHF0G6OBPQbCvURpYNEYa00do4dvQUjny9C
Wryr6kCQEGVXcPcSt/8H7GduEPTSbpDAHunBRE6i+l6yEv0mGYml1l97RJ99Rt5/
iOIiimWvqVSHjbxZvqxQgfe8z5aKMlDedakfRYz9LM4/ZB/qVub40HcBW/+A5as3
MhHGYJUOsYPhOrk3WlX2VF2KeHXhFG58KsQ+fI4ie67XQtstn4iAfRv4Tw==
-----END CERTIFICATE-----
subject=/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=cdn.redhat.com
issuer=/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
---
Acceptable client certificate CA names
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Candlepin Authority/emailAddress=ca-support@redhat.com
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:0x07+0x08:0x08+0x08:0x09+0x08:0x0A+0x08:0x0B+0x08:0x04+0x08:0x05+0x08:0x06+0x08:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6484 bytes and written 476 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: A8F86BCE76E242AA9019A51161DA13F65FAFD106D7C13D5F0F195235295B76F4
Session-ID-ctx:
Master-Key: C60426A34F0D1115D64C66E040292FB2072443643A6E2B8D8571F32F4D4F37F941040AE718254B8F83D7798548875A6C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1592225375
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
bash-4.4$ openssl s_client -connect cdn-ubi.redhat.com:443 -prexit
CONNECTED(00000003)
depth=3 C = US, O = "BlueCoat Systems, Inc.", CN = Cloud Services Root CA
verify return:1
depth=2 C = US, O = "Blue Coat Systems, Inc.", CN = Cloud Services CA - G2
verify return:1
depth=1 C = US, O = Cloud Services, OU = Operations, CN = SSL-SG1-GDEFR3
verify return:1
depth=0 C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", CN = *.redhat.com
verify return:1
---
Certificate chain
0 s:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", CN = *.redhat.com
i:C = US, O = Cloud Services, OU = Operations, CN = SSL-SG1-GDEFR3
1 s:C = US, O = Cloud Services, OU = Operations, CN = SSL-SG1-GDEFR3
i:C = US, O = "Blue Coat Systems, Inc.", CN = Cloud Services CA - G2
2 s:C = US, O = "Blue Coat Systems, Inc.", CN = Cloud Services CA - G2
i:C = US, O = "BlueCoat Systems, Inc.", CN = Cloud Services Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIIKhbXBAAAAAAwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxFzAVBgNVBAoMDkNsb3VkIFNlcnZpY2VzMRMwEQYDVQQLDApPcGVyYXRp
b25zMRcwFQYDVQQDDA5TU0wtU0cxLUdERUZSMzAeFw0yMDAxMTMwMDAwMDBaFw0y
MTA0MTMxMjAwMDBaMGcxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJv
bGluYTEQMA4GA1UEBxMHUmFsZWlnaDEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjEV
MBMGA1UEAwwMKi5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0sgfXZ5R+TchYhigWguR8UuHqVOuHuQn91wAPMECj/+dhFMVgtroZMs0
bVG2adhrZsyOLdW28qUQw/ICgChakAINDAbQmXQzbXumA1ozY4qJmxB57BisVsUQ
/FzEbf5giE/Uv3Bu7LLYkMhuPP8u8T6KjJ9rx892PtUQJe3XSnOaVolsvXELBPbO
ezKuuh3oDhfzBiy0hmULWoms6gTzHQiE/on/BwcoIclmDyDQLQ8NrKsoiUkmzGwD
ZOPb/roYDQ5Q+f0CesVPlFLO0pa4bDUJ0eeFYQuf20MiGcRBojlR1XRgymMb0sjQ
cZ83NL3KM6PghxlFoRGqp3/M/n/J2wIDAQABo4IBODCCATQwCQYDVR0TBAIwADAL
BgNVHQ8EBAMCBeAwHwYDVR0jBBgwFoAUd7qRmCUTT+zWm9HLN+QCCZj+PxcwIwYD
VR0RBBwwGoIMKi5yZWRoYXQuY29tggpyZWRoYXQuY29tMF8GCWCGSAGG+EIBDQRS
FlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNCREMzOTcwQkphbiAxMyAwMDowMDow
MCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAyMDIxIEdNVDBzBgNVHSAEbDBqMGgG
BFUdIAAwYDBeBggrBgEFBQcCAjBSGlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNC
REMzOTcwQkphbiAxMyAwMDowMDowMCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAy
MDIxIEdNVDANBgkqhkiG9w0BAQsFAAOCAQEAVGf8A39Sb1GrY107RjXgHkcIMjLS
TsntiI3aesYZl39CqRk2az+JM9b21LKFnCy+PRV0FBLHV7s37BvRRadl+R6gLopT
WAdFiT+VtPi5H7gWf+glHPKnnFrgxpCII1EkF6712p5yiN8am0TfoaI61RnsgcoR
a2//XULyavLN2gKfPQZvTXo9taXVH9r68uRojw/xNdUCC5GtdXeVkRlrGwdo8E8C
pfLUtxIBVezOVfRmGRWUtHcQpT/kKNiBT7XpSv+KtF5Rz9kLrHGnDmCn7YVUjAA6
WCprqs9n5ufx/pxHaUbRlyFBz/9kk1ZEA/aGV8LXAuuKtAPThNS/dHXnhQ==
-----END CERTIFICATE-----
subject=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", CN = *.redhat.com
issuer=C = US, O = Cloud Services, OU = Operations, CN = SSL-SG1-GDEFR3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3850 bytes and written 452 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 077FF8BB7DB374422B09FB9C3640D72D1CDE5B3FE20C91342D9518B3AE9FB5B6
Session-ID-ctx:
Master-Key: DD37CEB3995FEBF02334406225A9B36B7B1B9C35150AB63ED26BE2203B9B62EDB9EE411800709A3E314299B4F847CA7F
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1592227905
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
read:errno=0
---
Certificate chain
0 s:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", CN = *.redhat.com
i:C = US, O = Cloud Services, OU = Operations, CN = SSL-SG1-GDEFR3
1 s:C = US, O = Cloud Services, OU = Operations, CN = SSL-SG1-GDEFR3
i:C = US, O = "Blue Coat Systems, Inc.", CN = Cloud Services CA - G2
2 s:C = US, O = "Blue Coat Systems, Inc.", CN = Cloud Services CA - G2
i:C = US, O = "BlueCoat Systems, Inc.", CN = Cloud Services Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIIKhbXBAAAAAAwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxFzAVBgNVBAoMDkNsb3VkIFNlcnZpY2VzMRMwEQYDVQQLDApPcGVyYXRp
b25zMRcwFQYDVQQDDA5TU0wtU0cxLUdERUZSMzAeFw0yMDAxMTMwMDAwMDBaFw0y
MTA0MTMxMjAwMDBaMGcxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJv
bGluYTEQMA4GA1UEBxMHUmFsZWlnaDEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjEV
MBMGA1UEAwwMKi5yZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0sgfXZ5R+TchYhigWguR8UuHqVOuHuQn91wAPMECj/+dhFMVgtroZMs0
bVG2adhrZsyOLdW28qUQw/ICgChakAINDAbQmXQzbXumA1ozY4qJmxB57BisVsUQ
/FzEbf5giE/Uv3Bu7LLYkMhuPP8u8T6KjJ9rx892PtUQJe3XSnOaVolsvXELBPbO
ezKuuh3oDhfzBiy0hmULWoms6gTzHQiE/on/BwcoIclmDyDQLQ8NrKsoiUkmzGwD
ZOPb/roYDQ5Q+f0CesVPlFLO0pa4bDUJ0eeFYQuf20MiGcRBojlR1XRgymMb0sjQ
cZ83NL3KM6PghxlFoRGqp3/M/n/J2wIDAQABo4IBODCCATQwCQYDVR0TBAIwADAL
BgNVHQ8EBAMCBeAwHwYDVR0jBBgwFoAUd7qRmCUTT+zWm9HLN+QCCZj+PxcwIwYD
VR0RBBwwGoIMKi5yZWRoYXQuY29tggpyZWRoYXQuY29tMF8GCWCGSAGG+EIBDQRS
FlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNCREMzOTcwQkphbiAxMyAwMDowMDow
MCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAyMDIxIEdNVDBzBgNVHSAEbDBqMGgG
BFUdIAAwYDBeBggrBgEFBQcCAjBSGlAwQjBCRUIzQTA3RTQ3RTNFOTFDMjU2NTNC
REMzOTcwQkphbiAxMyAwMDowMDowMCAyMDIwIEdNVEFwciAxMyAxMjowMDowMCAy
MDIxIEdNVDANBgkqhkiG9w0BAQsFAAOCAQEAVGf8A39Sb1GrY107RjXgHkcIMjLS
TsntiI3aesYZl39CqRk2az+JM9b21LKFnCy+PRV0FBLHV7s37BvRRadl+R6gLopT
WAdFiT+VtPi5H7gWf+glHPKnnFrgxpCII1EkF6712p5yiN8am0TfoaI61RnsgcoR
a2//XULyavLN2gKfPQZvTXo9taXVH9r68uRojw/xNdUCC5GtdXeVkRlrGwdo8E8C
pfLUtxIBVezOVfRmGRWUtHcQpT/kKNiBT7XpSv+KtF5Rz9kLrHGnDmCn7YVUjAA6
WCprqs9n5ufx/pxHaUbRlyFBz/9kk1ZEA/aGV8LXAuuKtAPThNS/dHXnhQ==
-----END CERTIFICATE-----
subject=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", CN = *.redhat.com
issuer=C = US, O = Cloud Services, OU = Operations, CN = SSL-SG1-GDEFR3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3850 bytes and written 483 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 077FF8BB7DB374422B09FB9C3640D72D1CDE5B3FE20C91342D9518B3AE9FB5B6
Session-ID-ctx:
Master-Key: DD37CEB3995FEBF02334406225A9B36B7B1B9C35150AB63ED26BE2203B9B62EDB9EE411800709A3E314299B4F847CA7F
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1592227905
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Sorry if i sound like a total Newb to all this but how do i copy the intercepting SSL PEM inside registry.access.redhat.com/ubi8/ubi:8.1 image to /etc/pki/ca-trust/source/anchors/. How can i access the SSL PEM inside registry.access.redhat.com/ubi8/ubi:8.1 image. Thanks in advance for any help.
Sorry if i sound like a total Newb to all this but how do i copy the intercepting SSL PEM inside registry.access.redhat.com/ubi8/ubi:8.1 image to /etc/pki/ca-trust/source/anchors/. How can i access the SSL PEM inside registry.access.redhat.com/ubi8/ubi:8.1 image. Thanks in advance for any help.
Can Someone please help with this, I am also experiencing the same issue, running mvn clean package -Dquarkus.container-image.build=true
behind proxy.
Here is the full error I am getting
Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
Inside Dockerfile, use ADD to copy into image, then RUN to execute required update commands. What exactly you need to do, depends on which image you work on.
Steve-Dillon notifications@github.com schrieb am Di., 9. Feb. 2021, 19:23:
Sorry if i sound like a total Newb to all this but how do i copy the intercepting SSL PEM inside registry.access.redhat.com/ubi8/ubi:8.1 image to /etc/pki/ca-trust/source/anchors/. How can i access the SSL PEM inside registry.access.redhat.com/ubi8/ubi:8.1 image. Thanks in advance for any help.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/quarkusio/quarkus/issues/9893#issuecomment-776143205, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABAF3XQ5CNCMY3JL66IOMI3S6F4T3ANCNFSM4NZVXRCA .
Yeah would be great if there is a guide to the solution there many certs a long the way so knowing which one to do what with would be great. Everyone can do ADD and RUN that is not where the problem is...
Describe the bug When executing: mvn clean package -Dquarkus.kubernetes.deploy=true -debug
Expected behavior Quarkus installs whatever is needed to deploy
Actual behavior
To Reproduce Steps to reproduce the behavior:
I believe there is a problem with curl inside:
Screenshots (If applicable, add screenshots to help explain your problem.)
Environment (please complete the following information):
uname -a
orver
: $ uname -a Linux minikube 4.19.107 #1 SMP Thu May 28 15:07:17 PDT 2020 x86_64 GNU/Linuxjava -version
: λ java -version java version "1.8.0_152" Java(TM) SE Runtime Environment (build 1.8.0_152-b16) Java HotSpot(TM) 64-Bit Server VM (build 25.152-b16, mixed mode)mvnw --version
orgradlew --version
): λ mvn -v Apache Maven 3.6.1 (d66c9c0b3152b2e69ee9bac180bb8fcc8e6af555; 2019-04-04T21:00:29+02:00) Maven home: C:\Users\tool\apache-maven-3.6.1\bin.. Java version: 1.8.0_131, vendor: Oracle Corporation, runtime: C:\Users\tool\java\jre Default locale: de_DE, platform encoding: Cp1252 OS name: "windows 7", version: "6.1", arch: "amd64", family: "windows"Additional context I updated /etc/ssl/certs/cacert.pem without success. Also, when logged in via terminal, this helped - but not with Maven: