question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to run task when using custom TLS certificate

See original GitHub issue

Describe the bug

I have deployed Che on minikube. I am using a custom TLS certificate for Che endpoints.

That means that I have:

When trying to run a task I get the following error:

Error launching task 'maven build': Request runTask failed with message: Failed to execute Che command: unable to verify the first certificate 
image

Che version

nightly

Steps to reproduce

Deploy Che on minikube using chectl Configure Che to use a custom certificate as described here Start the Java maven sample Try to start one of the 2 tasks provided

Expected behavior

The maven build should run successfully

Runtime

minikube

minikube version: v1.17.1
commit: 043bdca07e54ab6e4fc0457e3064048f34133d7e

Installation method

$  chectl update next && \
   chectl server:deploy \
       -p minikube

Environment

macOS

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:11 (11 by maintainers)

github_iconTop GitHub Comments

1reaction
sleshchenkocommented, Mar 9, 2021

Why it is working with the origininal self-signed certificate that is generated when installing Che?

The difference I see: https://che-incubator.github.io/2021/02/01/@mario.loriedo-using-mkcert-to-locally-trust-eclipse-che-tls-certificates-ffaafe76e5d0.html creates CA into custom-certs cert

While default certs Che operator generated, are propagated over

    spec:
      containers:
      - env:
        - name: CHE_SELF__SIGNED__CERT
          valueFrom:
            secretKeyRef:
              key: ca.crt
              name: self-signed-certificate
              optional: true
        - name: CHE_GIT_SELF__SIGNED__CERT
        - name: CHE_GIT_SELF__SIGNED__CERT__HOST

from secret self-signed-certificate Custom certificates and Che Self-signed can be used on different ways.

0reactions
l0rdcommented, Mar 17, 2021

Closing as this issue as been solved. Although I am still not able to successfully run this scenario as I have found another bug 😡

Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshoot domain and TLS/SSL certificates - Azure App ...
The App Service certificate requires domain verification before the certificate is ready to use. When you select Verify, the process fails.
Read more >
Configuring mutual TLS authentication for an HTTP API
To ensure that clients can access your API only by using a custom domain name with mutual TLS, disable the default execute-api endpoint....
Read more >
QRadar: Custom SSL certificate troubleshooting - IBM
Unable to Get Issuer Certificate · Navigate to the folder where the pkcs7 resides. · To extract the certificate, run the command: openssl...
Read more >
Self-signed certificates or custom Certification Authorities
The Runner injects missing certificates to build the CA chain by using CI_SERVER_TLS_CA_FILE . This allows git clone and artifacts to work with...
Read more >
The request was aborted: Could not create SSL/TLS secure ...
The problem you're having is that the aspNet user doesn't have access to the certificate. You have to give access using the winhttpcertcfg.exe....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found