Closed david-bergman closed 3 years ago
What was the full error that you got?
the API would have returned the forbidden status code case http.StatusForbidden: err = newAuthorizationError("Forbidden access to " + chosenNode.Database + "@" + chosenNode.URL + ", " + request.Method + " " + request.URL.String())
this is my full error.
session.SaveChanges() failed with Forbidden access to tm-gatekeeper@https://c.trackmatic.ravendb.run, GET https://c.trackmatic.ravendb.run/topology?name=tm-gatekeeper
There is still missing details. It should also tell you why it failed. Something like no certificate, unfamiliar certificate, etc.
I modified the request_executor.go, in order to just output the response body of the request made.
This is the error in the body
{"Type":"InvalidAuth","Message":"This server requires client certificate for authentication, but none was provided by the client."}
Thanks, that is very helpful. Can you also send a PR for your change?
Your code is missing the setting of this field, no?
https://github.com/ravendb/ravendb-go-client/blob/master/document_store.go#L30
Here is the full code that you need to run this:
func getDocumentStore(databaseName string) (*ravendb.DocumentStore, error) {
cerPath := "/path/to/client.certificate.crt"
keyPath := "/path/to/certificate.key"
cer, err := tls.LoadX509KeyPair(cerPath, keyPath)
if err != nil {
return nil, err
}
serverNodes := []string{"https://your-instance-url"}
store := ravendb.NewDocumentStore(serverNodes, databaseName)
store.Certificate = &cer
x509cert, err := x509.ParseCertificate(cer.Certificate[0])
if err != nil {
return nil, err
}
store.TrustStore = x509cert
if store.TrustStore == nil {
panic("nil trust store");
}
if err := store.Initialize(); err != nil {
return nil, err
}
return store, nil
}
Thanks so much Ayende!
That is exactly what I was looking for, working now.
I also added this to the readme
.
On Wed, Sep 16, 2020 at 7:19 PM David Bergman notifications@github.com wrote:
Closed #158 https://github.com/ravendb/ravendb-go-client/issues/158.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ravendb/ravendb-go-client/issues/158#event-3774038187, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4RMYTNNN7ZLDMIO44SJDSGDQRNANCNFSM4RNJWZGQ .
-- https://ravendb.net/ Oren Eini CEO / Hibernating Rhinos LTD https://hibernatingrhinos.com/ Mobile: 972-52-548-6969 Sales: sales@ravendb.net Skype: ayenderahien Support: support@ravendb.net https://www.facebook.com/pages/RavenDB/265907650186374 https://twitter.com/ravendb https://www.linkedin.com/company/hibernating-rhinos-ltd-/ https://ravendb.net/emailsignature/displayeventpage
great, one thing I did notice, is if there is a passphrase on the certificate, the code will fail.
It will require an override of the loadX509KeyPair function that passes in the passphrase, I was able to implement a working solution for this scenario with the help of the following snippet.
Thanks, very useful and added to the readme as well
On Fri, Sep 18, 2020 at 4:39 PM David Bergman notifications@github.com wrote:
great, one thing I did notice, is if there is a passphrase on the certificate, the code will fail.
It will require an override of the loadX509KeyPair function that passes in the passphrase, I was able to implement a working solution for this scenario with the help of the following snippet.
https://play.golang.org/p/8OYTuZtZIQ
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ravendb/ravendb-go-client/issues/158#issuecomment-694873675, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4RMYBIKB7COZPWATTCRDSGNPKBANCNFSM4RNJWZGQ .
-- https://ravendb.net/ Oren Eini CEO / Hibernating Rhinos LTD https://hibernatingrhinos.com/ Mobile: 972-52-548-6969 Sales: sales@ravendb.net Skype: ayenderahien Support: support@ravendb.net https://www.facebook.com/pages/RavenDB/265907650186374 https://twitter.com/ravendb https://www.linkedin.com/company/hibernating-rhinos-ltd-/ https://ravendb.net/emailsignature/displayeventpage
Hi,
I am looking for how to connect to a raven 5 instance using a x509 pfx certificate. I cant find any examples on how to achieve this.
The closest I could get was the below, yet I am getting an error session.SaveChanges() failed with Forbidden access to
Any assistance here would be greatly appreciated.
func getDocumentStore(databaseName string) (*ravendb.DocumentStore, error) { serverNodes := []string{nodeA, nodeB, nodeC}
}