token: x509: certificate signed by unknown authority

Pete-Letkeman · April 2018


Any thoughts on how to fix this error that I'm experiencing with the second lab in the Chapter 18?

Here is my proxy-manifest.yml
---
applications:
  - name: uaa-guard-proxy
    command: proxy
    path: proxy
    memory: 128M
    env:
      GUARD_COOKIE_SECRET: very-secret
      GUARD_DEFAULT_CALLBACK_URL: https://uaa-guard-proxy.local.pcfdev.io/auth/cloudfoundry/callback
      GUARD_LOGIN_URL: https://uaa-lancer78.local.pcfdev.io
      GUARD_CLIENT_KEY: dashboard
      GUARD_CLIENT_SECRET: dashboardsecret

Here is my uaa-manifest.yml 

#Deploy UAA Server as Cloud Foundry Service
---
applications:
- name: uaa
  memory: 1024M
  instances: 1
  random-route: false
  buildpack: java_buildpack
  path: uaa.war
  host: uaa-lancer78
  env:
    UAA_URL: http://uaa-lancer78.local.pcfdev.io
    LOGIN_URL: http://uaa-lancer78.local.pcfdev.io
    JBP_CONFIG_SPRING_AUTO_RECONFIGURATION: '{enabled: false}'
    UAA_CONFIG_YAML: |
      spring_profiles: default,hsqldb
      login:
        serviceProviderKey:
# BEGIN RSA PRIVATE KEY omitted


# BEGIN CERTIFICATE omitted
      jwt:
        token:
          signing-key: tokenKey
      zones:
       internal:
         hostnames:
           - uaa-lancer78.local.pcfdev.io
      database:
        # url: <url starting with jdbc here>
        # username: <db username>
        # password: <db password>
        maxactive: 15
        maxidle: 5
        minidle: 1

When I try out the site I get the following message:
/oauth/token: x509: certificate signed by unknown authority

vlaskovic · April 2018

Plase try curl -k for cf dev trust

Pete-Letkeman · April 2018

I'm not entirely sure what you mean so I ran a few different commands as listed below:

Below is the result of curl --cert-status:

$ curl --cert-status https://web-ui-boisterous-panther.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

curl: (60) SSL certificate problem: unable to get local issuer certificate

More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, please visit the web page mentioned above.

------------------------------------------------------

$ curl -k dev trust

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0curl: (6) Could not resolve host: dev

0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0curl: (6) Could not resolve host: trust

------------------------------------------------------

Below are the results of executing curl -k againist the sites:

$ curl -k http://roster-nice-bat.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 384 100 384 0 0 546 0 --:--:-- --:--:-- --:--:-- 546{

"_links" : {

"people_status" : {

"href" : "http://roster-nice-bat.local.pcfdev.io/people_status{?page,size,sort}",

"templated" : true

},

"people" : {

"href" : "http://roster-nice-bat.local.pcfdev.io/people{?page,size,sort}",

"templated" : true

},

"profile" : {

"href" : "http://roster-nice-bat.local.pcfdev.io/profile"

}

}

}

$ curl -k http://web-ui-boisterous-panther.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 41 100 41 0 0 372 0 --:--:-- --:--:-- --:--:-- 372<a href="/auth">Temporary Redirect</a>.

$ curl -k http://uaa-lancer78.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

$ curl -k http://uaa-guard-proxy.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 41 100 41 0 0 525 0 --:--:-- --:--:-- --:--:-- 525<a href="/auth">Temporary Redirect</a>.

$ curl -k https://uaa-guard-proxy.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 41 100 41 0 0 872 0 --:--:-- --:--:-- --:--:-- 872<a href="/auth">Temporary Redirect</a>.

$ curl -k https://uaa-lancer78.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

$ curl -k https://web-ui-boisterous-panther.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 41 100 41 0 0 2562 0 --:--:-- --:--:-- --:--:-- 2562<a href="/auth">Temporary Redirect</a>.

$ curl -k https://roster-nice-bat.local.pcfdev.io

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 387 100 387 0 0 4961 0 --:--:-- --:--:-- --:--:-- 4961{

"_links" : {

"people_status" : {

"href" : "https://roster-nice-bat.local.pcfdev.io/people_status{?page,size,sort}",

"templated" : true

},

"people" : {

"href" : "https://roster-nice-bat.local.pcfdev.io/people{?page,size,sort}",

"templated" : true

},

"profile" : {

"href" : "https://roster-nice-bat.local.pcfdev.io/profile"

}

}

}

token: x509: certificate signed by unknown authority

Comments

Categories

Upcoming Training

Kubernetes Administration (LFS458)

Linux System Administration (LFS301)

Open Source Virtualization (LFS462)

Linux Kernel Debugging and Security (LFD440)