Tlsv1 alert unknown ca

Hello,
I am having trouble running pulp-admin repo list. After I connect to the
Pulp server and try to run the repo list, I get an error:

pulp-admin repo list

··· +----------------------------------------------------------------------+ Repositories +----------------------------------------------------------------------+

An error occurred attempting to contact the server. More information can be
found in the client log file ~/.pulp/admin.log.

[ian@katello 05-foreman-ssl.d]$ tail ~/.pulp/admin.log
repo_list =
self.context.server.repo.repositories(query_params).response_body
File “/usr/lib/python2.6/site-packages/pulp/bindings/repository.py”, line
34, in repositories
return self.server.GET(path, query_parameters)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line 92,
in GET
return self._request(‘GET’, path, queries)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method, url,
body)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)

This has been driving me crazy for a while. Another thread recommended
setting verify_ssl to False in the ~/.pulp/admin.conf So I did that but am
still getting the tlsv1 alert unknown ca error.

Any help would be very much appreciated.

Sounds like the error i had.

edit /etc/httpd.conf/05-foreman-ssl.conf and comment out
SSLCARecovationCheck

SSLCARevocationCheck "chain"

Restart httpd and that fixed a similar issue for me.

-byron

··· On Thursday, November 12, 2015 at 1:45:13 PM UTC-6, ian forte wrote: > > Hello, > I am having trouble running pulp-admin repo list. After I connect to the > Pulp server and try to run the repo list, I get an error: > > > pulp-admin repo list > +----------------------------------------------------------------------+ > Repositories > +----------------------------------------------------------------------+ > > An error occurred attempting to contact the server. More information can be > found in the client log file ~/.pulp/admin.log. > > [ian@katello 05-foreman-ssl.d]$ tail ~/.pulp/admin.log > repo_list = > self.context.server.repo.repositories(query_params).response_body > File "/usr/lib/python2.6/site-packages/pulp/bindings/repository.py", > line 34, in repositories > return self.server.GET(path, query_parameters) > File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line > 92, in GET > return self._request('GET', path, queries) > File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line > 142, in _request > response_code, response_body = self.server_wrapper.request(method, > url, body) > File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line > 332, in request > raise exceptions.ConnectionException(None, str(err), None) > ConnectionException: (None, 'tlsv1 alert unknown ca', None) > > This has been driving me crazy for a while. Another thread recommended > setting verify_ssl to False in the ~/.pulp/admin.conf So I did that but am > still getting the tlsv1 alert unknown ca error. > > Any help would be very much appreciated. >

Hi all,

Same for me.
The workaround setting option "SSLVerifyClient" from "optional" to
"optional_no_ca" in file "/etc/httpd/conf.d/05-foreman-ssl.conf" is
working, but I don't like that…

Any other idea ?

··· Le jeudi 12 novembre 2015 20:45:13 UTC+1, ian forte a écrit : > > Hello, > I am having trouble running pulp-admin repo list. After I connect to the > Pulp server and try to run the repo list, I get an error: > > > pulp-admin repo list > +----------------------------------------------------------------------+ > Repositories > +----------------------------------------------------------------------+ > > An error occurred attempting to contact the server. More information can be > found in the client log file ~/.pulp/admin.log. > > >

I saw that recommendation on another thread but it looks like
SSLCARecovationCheck is missing from my 05-foreman-ssl.conf config.

··· On Thu, Nov 12, 2015 at 12:04 PM, Byron Miller wrote:

Sounds like the error i had.

edit /etc/httpd.conf/05-foreman-ssl.conf and comment out
SSLCARecovationCheck

SSLCARevocationCheck “chain”

Restart httpd and that fixed a similar issue for me.

-byron

On Thursday, November 12, 2015 at 1:45:13 PM UTC-6, ian forte wrote:

Hello,
I am having trouble running pulp-admin repo list. After I connect to the
Pulp server and try to run the repo list, I get an error:

pulp-admin repo list
±---------------------------------------------------------------------+
Repositories
±---------------------------------------------------------------------+

An error occurred attempting to contact the server. More information can
be
found in the client log file ~/.pulp/admin.log.

[ian@katello 05-foreman-ssl.d]$ tail ~/.pulp/admin.log
repo_list =
self.context.server.repo.repositories(query_params).response_body
File “/usr/lib/python2.6/site-packages/pulp/bindings/repository.py”,
line 34, in repositories
return self.server.GET(path, query_parameters)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
92, in GET
return self._request(‘GET’, path, queries)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method,
url, body)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)

This has been driving me crazy for a while. Another thread recommended
setting verify_ssl to False in the ~/.pulp/admin.conf So I did that but am
still getting the tlsv1 alert unknown ca error.

Any help would be very much appreciated.


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/WXs_-8fiJ9o/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

The only SSL directives i have in that file are:

SSL directives

SSLEngine on
SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt"
SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key"
SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +StdEnvVars +ExportCertData

··· On Thu, Nov 12, 2015 at 12:04 PM, Byron Miller wrote:

Sounds like the error i had.

edit /etc/httpd.conf/05-foreman-ssl.conf and comment out
SSLCARecovationCheck

SSLCARevocationCheck “chain”

Restart httpd and that fixed a similar issue for me.

-byron

On Thursday, November 12, 2015 at 1:45:13 PM UTC-6, ian forte wrote:

Hello,
I am having trouble running pulp-admin repo list. After I connect to the
Pulp server and try to run the repo list, I get an error:

pulp-admin repo list
±---------------------------------------------------------------------+
Repositories
±---------------------------------------------------------------------+

An error occurred attempting to contact the server. More information can
be
found in the client log file ~/.pulp/admin.log.

[ian@katello 05-foreman-ssl.d]$ tail ~/.pulp/admin.log
repo_list =
self.context.server.repo.repositories(query_params).response_body
File “/usr/lib/python2.6/site-packages/pulp/bindings/repository.py”,
line 34, in repositories
return self.server.GET(path, query_parameters)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
92, in GET
return self._request(‘GET’, path, queries)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method,
url, body)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)

This has been driving me crazy for a while. Another thread recommended
setting verify_ssl to False in the ~/.pulp/admin.conf So I did that but am
still getting the tlsv1 alert unknown ca error.

Any help would be very much appreciated.


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/WXs_-8fiJ9o/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Hello,

i have exactly the same symptom as you. did you get a solution?

My setup is a fresh install from katello (i tried to deploy it).

··· Le jeudi 12 novembre 2015 21:14:20 UTC+1, ian forte a écrit : > > The only SSL directives i have in that file are: > > ## SSL directives > SSLEngine on > SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt" > SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key" > SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt" > SSLCACertificatePath "/etc/pki/tls/certs" > SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" > SSLVerifyClient optional > SSLVerifyDepth 3 > SSLOptions +StdEnvVars +ExportCertData > > > On Thu, Nov 12, 2015 at 12:04 PM, Byron Miller > wrote: > >> Sounds like the error i had. >> >> edit /etc/httpd.conf/05-foreman-ssl.conf and comment out >> SSLCARecovationCheck >> >> # SSLCARevocationCheck "chain" >> >> Restart httpd and that fixed a similar issue for me. >> >> -byron >> >> >> On Thursday, November 12, 2015 at 1:45:13 PM UTC-6, ian forte wrote: >>> >>> Hello, >>> I am having trouble running pulp-admin repo list. After I connect to >>> the Pulp server and try to run the repo list, I get an error: >>> >>> >>> pulp-admin repo list >>> +----------------------------------------------------------------------+ >>> Repositories >>> +----------------------------------------------------------------------+ >>> >>> An error occurred attempting to contact the server. More information can >>> be >>> found in the client log file ~/.pulp/admin.log. >>> >>> [ian@katello 05-foreman-ssl.d]$ tail ~/.pulp/admin.log >>> repo_list = >>> self.context.server.repo.repositories(query_params).response_body >>> File "/usr/lib/python2.6/site-packages/pulp/bindings/repository.py", >>> line 34, in repositories >>> return self.server.GET(path, query_parameters) >>> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line >>> 92, in GET >>> return self._request('GET', path, queries) >>> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line >>> 142, in _request >>> response_code, response_body = self.server_wrapper.request(method, >>> url, body) >>> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line >>> 332, in request >>> raise exceptions.ConnectionException(None, str(err), None) >>> ConnectionException: (None, 'tlsv1 alert unknown ca', None) >>> >>> This has been driving me crazy for a while. Another thread recommended >>> setting verify_ssl to False in the ~/.pulp/admin.conf So I did that but am >>> still getting the tlsv1 alert unknown ca error. >>> >>> Any help would be very much appreciated. >>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Foreman users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/foreman-users/WXs_-8fiJ9o/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> foreman-user...@googlegroups.com . >> To post to this group, send email to forema...@googlegroups.com >> . >> Visit this group at http://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/d/optout. >> > >

Do you get this error if you supply username and password using pulp-admin?

··· On Fri, Jan 22, 2016 at 8:51 AM, Lionel Caignec wrote:

Hello,

i have exactly the same symptom as you. did you get a solution?

My setup is a fresh install from katello (i tried to deploy it).

Le jeudi 12 novembre 2015 21:14:20 UTC+1, ian forte a écrit :

The only SSL directives i have in that file are:

SSL directives

SSLEngine on
SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt"
SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key"
SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +StdEnvVars +ExportCertData

On Thu, Nov 12, 2015 at 12:04 PM, Byron Miller byr...@gmail.com wrote:

Sounds like the error i had.

edit /etc/httpd.conf/05-foreman-ssl.conf and comment out
SSLCARecovationCheck

SSLCARevocationCheck “chain”

Restart httpd and that fixed a similar issue for me.

-byron

On Thursday, November 12, 2015 at 1:45:13 PM UTC-6, ian forte wrote:

Hello,
I am having trouble running pulp-admin repo list. After I connect to
the Pulp server and try to run the repo list, I get an error:

pulp-admin repo list
±---------------------------------------------------------------------+
Repositories
±---------------------------------------------------------------------+

An error occurred attempting to contact the server. More information
can be
found in the client log file ~/.pulp/admin.log.

[ian@katello 05-foreman-ssl.d]$ tail ~/.pulp/admin.log
repo_list =
self.context.server.repo.repositories(query_params).response_body
File “/usr/lib/python2.6/site-packages/pulp/bindings/repository.py”,
line 34, in repositories
return self.server.GET(path, query_parameters)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
92, in GET
return self._request(‘GET’, path, queries)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
142, in _request
response_code, response_body = self.server_wrapper.request(method,
url, body)
File “/usr/lib/python2.6/site-packages/pulp/bindings/server.py”, line
332, in request
raise exceptions.ConnectionException(None, str(err), None)
ConnectionException: (None, ‘tlsv1 alert unknown ca’, None)

This has been driving me crazy for a while. Another thread recommended
setting verify_ssl to False in the ~/.pulp/admin.conf So I did that but am
still getting the tlsv1 alert unknown ca error.

Any help would be very much appreciated.


You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/WXs_-8fiJ9o/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-user...@googlegroups.com.
To post to this group, send email to forema...@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.


Eric D. Helms
Red Hat Engineering
Ph.D. Student - North Carolina State University

Hello thanks for reply,

when i trie thise commande it's ok :

pulp-admin login --user=admin --password=password…

Successfully logged in. Session certificate will expire at Feb 1 10:19:28
2016
GMT.

But then when i tried somthing like :

pulp-admin tasks list

i get an error with this in log : "ConnectionException: (None, 'tlsv1 alert
unknown ca', None)".

The only workaround is to set option "SSLVerifyClient" from "optional" to
"optional_no_ca" in file "/etc/httpd/conf.d/05-foreman-ssl.conf".

But i think it's not a good idea.

··· Le vendredi 22 janvier 2016 18:33:58 UTC+1, Eric Helms a écrit : > > Do you get this error if you supply username and password using pulp-admin? > > On Fri, Jan 22, 2016 at 8:51 AM, Lionel Caignec > wrote: > >> Hello, >> >> i have exactly the same symptom as you. did you get a solution? >> >> My setup is a fresh install from katello (i tried to deploy it). >> >> >> >> >> Le jeudi 12 novembre 2015 21:14:20 UTC+1, ian forte a écrit : >>> >>> The only SSL directives i have in that file are: >>> >>> ## SSL directives >>> SSLEngine on >>> SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt" >>> SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key" >>> SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt" >>> SSLCACertificatePath "/etc/pki/tls/certs" >>> SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" >>> SSLVerifyClient optional >>> SSLVerifyDepth 3 >>> SSLOptions +StdEnvVars +ExportCertData >>> >>> >>> On Thu, Nov 12, 2015 at 12:04 PM, Byron Miller wrote: >>> >>>> Sounds like the error i had. >>>> >>>> edit /etc/httpd.conf/05-foreman-ssl.conf and comment out >>>> SSLCARecovationCheck >>>> >>>> # SSLCARevocationCheck "chain" >>>> >>>> Restart httpd and that fixed a similar issue for me. >>>> >>>> -byron >>>> >>>> >>>> On Thursday, November 12, 2015 at 1:45:13 PM UTC-6, ian forte wrote: >>>>> >>>>> Hello, >>>>> I am having trouble running pulp-admin repo list. After I connect to >>>>> the Pulp server and try to run the repo list, I get an error: >>>>> >>>>> >>>>> pulp-admin repo list >>>>> >>>>> +----------------------------------------------------------------------+ >>>>> Repositories >>>>> >>>>> +----------------------------------------------------------------------+ >>>>> >>>>> An error occurred attempting to contact the server. More information >>>>> can be >>>>> found in the client log file ~/.pulp/admin.log. >>>>> >>>>> [ian@katello 05-foreman-ssl.d]$ tail ~/.pulp/admin.log >>>>> repo_list = >>>>> self.context.server.repo.repositories(query_params).response_body >>>>> File "/usr/lib/python2.6/site-packages/pulp/bindings/repository.py", >>>>> line 34, in repositories >>>>> return self.server.GET(path, query_parameters) >>>>> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", >>>>> line 92, in GET >>>>> return self._request('GET', path, queries) >>>>> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", >>>>> line 142, in _request >>>>> response_code, response_body = self.server_wrapper.request(method, >>>>> url, body) >>>>> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", >>>>> line 332, in request >>>>> raise exceptions.ConnectionException(None, str(err), None) >>>>> ConnectionException: (None, 'tlsv1 alert unknown ca', None) >>>>> >>>>> This has been driving me crazy for a while. Another thread >>>>> recommended setting verify_ssl to False in the ~/.pulp/admin.conf So I did >>>>> that but am still getting the tlsv1 alert unknown ca error. >>>>> >>>>> Any help would be very much appreciated. >>>>> >>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Foreman users" group. >>>> To unsubscribe from this topic, visit >>>> https://groups.google.com/d/topic/foreman-users/WXs_-8fiJ9o/unsubscribe >>>> . >>>> To unsubscribe from this group and all its topics, send an email to >>>> foreman-user...@googlegroups.com. >>>> To post to this group, send email to forema...@googlegroups.com. >>>> Visit this group at http://groups.google.com/group/foreman-users. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Foreman users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to foreman-user...@googlegroups.com . >> To post to this group, send email to forema...@googlegroups.com >> . >> Visit this group at https://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Eric D. Helms > Red Hat Engineering > Ph.D. Student - North Carolina State University >