Open tashian opened 1 year ago
The CLI issues an HTTP GET request to <ca-url>/root/<fingerprint>. Assuming that we manage to connect to the hostname and perform the GET request, the error we get when using an invalid fingerprint is a 404:
{"status":404,"message":"The requested resource could not be found. Please see the certificate authority logs for more info."}
I can see two ways to get a more meaningful error message here:
(1) seems preferable to me, since there might be other consumers of the REST API. @tashian, wdyt?
First option would be my choice too.
A combination of the two might also be possible, but I think then we would preferably have an application error code as a field in the response, which the CLI (and possibly other clients) can act on. That's what's done with the ACME API, and would be nice if we'd implement this on more endpoints. But just a clearer message will get the job done now.
When the CA URL is correct, and the fingerprint does not match, the output of step ca bootstrap is confusing:
It would be nice here if the client could say that the cert fingerprint doesn't match.
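A sketch of how a client could turn the reply to GET <ca-url>/root/<fingerprint> into a clearer error, combining the 404 body quoted in the thread with the application error code idea raised there. This is an added example, not code from step or step-ca; the `code` field, its `rootNotFound` value and the function and variable names are hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// caError mirrors the error body quoted in the thread. Code is a
// hypothetical application error code; the response shown on this
// page does not contain it.
type caError struct {
	Status  int    `json:"status"`
	Message string `json:"message"`
	Code    string `json:"code,omitempty"`
}

// ErrRootNotFound: the CA was reached but has no root with that fingerprint.
var ErrRootNotFound = errors.New("no root certificate with this fingerprint on the CA")

// explainRootResponse maps the reply to GET <ca-url>/root/<fingerprint>
// to an error a user can act on. It returns nil for a 200 response.
func explainRootResponse(status int, body []byte, fingerprint string) error {
	if status == http.StatusOK {
		return nil
	}
	var ce caError
	parsed := json.Unmarshal(body, &ce) == nil
	// Prefer the explicit (assumed) code; otherwise treat a 404 whose
	// body is in the CA's own error format as an unknown fingerprint.
	notFound := status == http.StatusNotFound && ce.Status == http.StatusNotFound
	if parsed && (ce.Code == "rootNotFound" || notFound) {
		return fmt.Errorf("%w: %s", ErrRootNotFound, fingerprint)
	}
	if !parsed || ce.Message == "" {
		// Not the CA's error format: the URL may not point at a CA.
		return fmt.Errorf("unexpected response from CA URL (HTTP %d)", status)
	}
	return fmt.Errorf("CA error (HTTP %d): %s", status, ce.Message)
}

func main() {
	// Constructed sample input: the 404 body quoted in the thread.
	body := []byte(`{"status":404,"message":"The requested resource could not be found. Please see the certificate authority logs for more info."}`)
	fmt.Println(explainRootResponse(404, body, "<fingerprint>"))
}
```

Callers can branch on the condition with `errors.Is(err, ErrRootNotFound)` instead of matching message text.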