Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot connect to C8 with custom SSL in some cases handled correctly by zbctl #3366

Closed
barmac opened this issue Dec 20, 2022 · 3 comments
Closed

Cannot connect to C8 with custom SSL in some cases handled correctly by zbctl #3366

barmac opened this issue Dec 20, 2022 · 3 comments
Assignees
@nikku
Labels
bug Something isn't working channel:support deploy
Milestone
M61

Comments

@barmac
Copy link
Collaborator

barmac commented Dec 20, 2022

Describe the bug

Cannot connect to C8 with custom SSL in some cases handled correctly by zbctl.

See linked support case: https://jira.camunda.com/browse/SUPPORT-13807

Steps to reproduce

See linked support case.

Expected behavior

Whenever I can connect with zbctl, I should be able to do that with Camunda Modeler.

Environment

  • OS: [e.g. MacOS 10.2, Windows 10]
  • Camunda Modeler Version: [e.g. 2.0.0]
  • Execution Platform: [e.g. Camunda Platform, Camunda Cloud]
  • Installed plug-ins: [...]

Additional context

SUPPORT-13807
@barmac barmac added bug Something isn't working channel:support backlog Queued in backlog deploy labels Dec 20, 2022
@nikku

This comment was marked as outdated.

Sign in to view
@nikku nikku mentioned this issue Jan 25, 2023
Closed
nikku added a commit that referenced this issue Jan 25, 2023
@nikku
fix: pin zeebe-node version
7c36d04 
Closes #3326
Closes #3366
@nikku nikku mentioned this issue Jan 25, 2023
Closed
@bpmn-io-tasks bpmn-io-tasks bot added the needs review Review pending label Jan 25, 2023
@bpmn-io-tasks bpmn-io-tasks bot removed the backlog Queued in backlog label Jan 25, 2023
@nikku nikku added this to the M61 milestone Jan 25, 2023
nikku added a commit that referenced this issue Jan 26, 2023
@nikku
fix: pin grpc/* versions
21ba81e 
Closes #3326
Closes #3366
@bpmn-io-tasks bpmn-io-tasks bot added in progress Currently worked on and removed needs review Review pending labels Jan 26, 2023
@nikku
Copy link
Member

nikku commented Jan 26, 2023

I'll need to follow up with this issue based on our new test bed.

Maybe (hopefully) this becomes a configuration issue. #3366 (comment) is outdated.

barmac added a commit that referenced this issue Jan 27, 2023
@barmac
feat: verify the certificate passed via zeebe-ssl-certificate is ro…
ef25548 
…ot cert

Modeler will log errors whenever the certificate used to connect cannot be parsed
or is not a root certificate.

Cf. https://www.redhat.com/sysadmin/who-signed-my-cert#:~:text=A%20certificate%20is%20self%2Dsigned,also%20need%20a%20CA%20certificate

Related to #3366 and #3326
barmac added a commit that referenced this issue Jan 27, 2023
@barmac
feat: verify certificate passed via zeebe-ssl-certificate is root cert
8b7adf3 
Modeler will log errors whenever the certificate used to connect cannot be parsed
or is not a root certificate.

Cf. https://www.redhat.com/sysadmin/who-signed-my-cert#:~:text=A%20certificate%20is%20self%2Dsigned,also%20need%20a%20CA%20certificate

Related to #3366 and #3326
@barmac barmac mentioned this issue Jan 27, 2023
Merged
barmac added a commit that referenced this issue Jan 27, 2023
@barmac
feat: verify certificate passed via zeebe-ssl-certificate is root cert
b114133 
Modeler will log errors whenever the certificate used to connect cannot be parsed
or is not a root certificate.

Cf. https://www.redhat.com/sysadmin/who-signed-my-cert#:~:text=A%20certificate%20is%20self%2Dsigned,also%20need%20a%20CA%20certificate

Related to #3366 and #3326
nikku pushed a commit that referenced this issue Jan 27, 2023
@barmac @nikku
feat: verify certificate passed via zeebe-ssl-certificate is root cert
59cbb89 
Modeler will log errors whenever the certificate used to connect cannot be parsed
or is not a root certificate.

Cf. https://www.redhat.com/sysadmin/who-signed-my-cert#:~:text=A%20certificate%20is%20self%2Dsigned,also%20need%20a%20CA%20certificate

Related to #3366 and #3326
@nikku
Copy link
Member

nikku commented Jan 27, 2023

Closing this as won't fix.

In the Camunda Modeler certificates used to validate a secured connection to Zeebe must be signing authority root certificates, not the server certificate itself (#3326 (comment)).

We are now eagerly validating the correctness of certificates (#3411) and improved our documentation on this matter (camunda/camunda-docs#1652), too.

@nikku nikku closed this as not planned Won't fix, can't repro, duplicate, stale Jan 27, 2023
@bpmn-io-tasks bpmn-io-tasks bot removed the in progress Currently worked on label Jan 27, 2023
@nikku nikku mentioned this issue Jan 30, 2023
Closed
lzgabel pushed a commit to lzgabel/camunda-modeler that referenced this issue Apr 4, 2023
@barmac
feat: verify certificate passed via zeebe-ssl-certificate is root cert
5a34c2e 
Modeler will log errors whenever the certificate used to connect cannot be parsed
or is not a root certificate.

Cf. https://www.redhat.com/sysadmin/who-signed-my-cert#:~:text=A%20certificate%20is%20self%2Dsigned,also%20need%20a%20CA%20certificate

Related to camunda#3366 and camunda#3326
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nikku nikku

Labels
bug Something isn't working channel:support deploy
Projects
None yet
Milestone
M61
Development

Successfully merging a pull request may close this issue.

fix: pin grpc/* versions camunda/camunda-modeler
2 participants
@nikku @barmac