Unable to run task when using custom TLS certificate
See original GitHub issueDescribe the bug
I have deployed Che on minikube. I am using a custom TLS certificate for Che endpoints.
That means that I have:
- created a Kubernets tls secret with the key and certificate
- updated CheCluster setting both
spec/k8s/tlsSecretName
and/spec/server/cheHostTLSSecret
to point to that secret - add the CA certificate in configmap properly labelled (as described here)
When trying to run a task I get the following error:
Error launching task 'maven build': Request runTask failed with message: Failed to execute Che command: unable to verify the first certificate
Che version
nightly
Steps to reproduce
Deploy Che on minikube using chectl Configure Che to use a custom certificate as described here Start the Java maven sample Try to start one of the 2 tasks provided
Expected behavior
The maven build should run successfully
Runtime
minikube
minikube version: v1.17.1
commit: 043bdca07e54ab6e4fc0457e3064048f34133d7e
Installation method
$ chectl update next && \
chectl server:deploy \
-p minikube
Environment
macOS
Issue Analytics
- State:
- Created 3 years ago
- Comments:11 (11 by maintainers)
Top Results From Across the Web
Troubleshoot domain and TLS/SSL certificates - Azure App ...
The App Service certificate requires domain verification before the certificate is ready to use. When you select Verify, the process fails.
Read more >Configuring mutual TLS authentication for an HTTP API
To ensure that clients can access your API only by using a custom domain name with mutual TLS, disable the default execute-api endpoint....
Read more >QRadar: Custom SSL certificate troubleshooting - IBM
Unable to Get Issuer Certificate · Navigate to the folder where the pkcs7 resides. · To extract the certificate, run the command: openssl...
Read more >Self-signed certificates or custom Certification Authorities
The Runner injects missing certificates to build the CA chain by using CI_SERVER_TLS_CA_FILE . This allows git clone and artifacts to work with...
Read more >The request was aborted: Could not create SSL/TLS secure ...
The problem you're having is that the aspNet user doesn't have access to the certificate. You have to give access using the winhttpcertcfg.exe....
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
The difference I see: https://che-incubator.github.io/2021/02/01/@mario.loriedo-using-mkcert-to-locally-trust-eclipse-che-tls-certificates-ffaafe76e5d0.html creates CA into
custom-certs
certWhile default certs Che operator generated, are propagated over
from secret
self-signed-certificate
Custom certificates and Che Self-signed can be used on different ways.Closing as this issue as been solved. Although I am still not able to successfully run this scenario as I have found another bug 😡