Connection with remote client - Certificate already in trust store #389

Closed
gabrik opened this issue Feb 28, 2020 · 1 comment

gabrik commented Feb 28, 2020

Hi all,

I was trying to connect to a remote LXD server using a certificate, but when calling authenticate I got 'pylxd.exceptions.LXDAPIException: Certificate already in trust store'

Here is the simple Python code I'm using.

$ python3
Python 3.7.3 (default, Dec 20 2019, 18:57:59)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pylxd import Client
>>> key = '/etc/fos/plugins/plugin-fdu-lxd/templates/lxd.key'
>>> cert = '/etc/fos/plugins/plugin-fdu-lxd/templates/lxd.crt'
>>> c = Client(endpoint='https://192.168.174.135:8443',verify=False, cert=(cert,key))
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
>>> c.authenticate('fos')
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/dist-packages/pylxd/client.py", line 356, in authenticate
    self.certificates.create(password, cert)
  File "/usr/local/lib/python3.7/dist-packages/pylxd/models/certificate.py", line 62, in create
    client.api.certificates.post(json=data)
  File "/usr/local/lib/python3.7/dist-packages/pylxd/client.py", line 177, in post
    self._assert_response(response, allowed_status_codes=(200, 201, 202))
  File "/usr/local/lib/python3.7/dist-packages/pylxd/client.py", line 117, in _assert_response
    raise exceptions.LXDAPIException(response)
pylxd.exceptions.LXDAPIException: Certificate already in trust store
>>> c.trusted
False

Edit:
I ran lxd sql global "SELECT * FROM certificates;" on the node and I get:

$ lxd sql global "SELECT * FROM certificates;"
+----+------------------------------------------------------------------+------+------+------------------------------------------------------------------+
| id |                           fingerprint                            | type | name |                           certificate                            |
+----+------------------------------------------------------------------+------+------+------------------------------------------------------------------+
| 1  | 31a77ae221f3246aecd5a3cd9c347cc386e7f8922b7662f993e2e3379fe5b5f9 | 1    |      | -----BEGIN CERTIFICATE-----                                      |
|    |                                                                  |      |      | MIIDBjCCAe4CCQC6HBAZu/vmBjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB |
|    |                                                                  |      |      | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 |
|    |                                                                  |      |      | cyBQdHkgTHRkMB4XDTE4MDcwNTEwNTgzN1oXDTE5MDcwNTEwNTgzN1owRTELMAkG |
|    |                                                                  |      |      | A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 |
|    |                                                                  |      |      | IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB |
|    |                                                                  |      |      | AMJHmH6ZginUWmb7jqWmP1s7CWs/QFvWXIUR2WqrvB5SC8a57Yssi2pbpNlvBx4z |
|    |                                                                  |      |      | coT+Hpm0FxIZjHgGjuZ1Z5MylWdFnYL5SRHTkjXxmJMp5o1kDilZ2P0vecZv6jAg |
|    |                                                                  |      |      | ylmKSP1EpbxiZYTJbr9YA2hOcEYHBneHpdQKB/t8Fbi8Tz9ojP4esqTWrErDNqa2 |
|    |                                                                  |      |      | wd4fV1FuaqQaH3MuJMnXnNOFl/eEzMdg7TAfkg10EwuXGYPqri5tN38X5a+Tjo7H |
|    |                                                                  |      |      | eb0eF1HG4QmwgB4PnNVhiyd30FLBfkun9F9M83B7z5Xe3eKm2TEb3BExOpFKGWoi |
|    |                                                                  |      |      | FIE3rsQKB8YcLT/LzM0TaDECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAOzUTAOzg |
|    |                                                                  |      |      | eBh7bPy50YkyVDeuD+FPU4W42co8tXLOw7dCw9KV0aHgs855H4BhtYbdsDZBl20I |
|    |                                                                  |      |      | QFWDcgSWGye+jhpEDkjI7F6LNxiBXWgaZLCEWNIsmfqLgpefeFSQrIJHz/jxchkb |
|    |                                                                  |      |      | BQtvA8F/o3Vptf0YL4AJnHRlY1NQ10qUyM2iNPn5XfBP0rSxqpL/fbCwYGQNLmrg |
|    |                                                                  |      |      | MOcLTLPojvKGbv9Rlh1xCHoJElIHUzckAq9kbqAUgM/NnWYi77qrtWKsE027cBhw |
|    |                                                                  |      |      | kh4EHG8bCtVIzpzopVOnVSMDOtBPjk8Q5jP3aHAEFNNQZ8hpz5G7/v+Ocu2PA4jp |
|    |                                                                  |      |      | D4q9ky86h7v5eg==                                                 |
|    |                                                                  |      |      | -----END CERTIFICATE-----                                        |
|    |                                                                  |      |      |                                                                  |
+----+------------------------------------------------------------------+------+------+------------------------------------------------------------------+

That of course is the certificate /etc/fos/plugins/plugin-fdu-lxd/templates/lxd.crt

Any suggestion?

I remember I was using the same code without issue [1]; was there some change in LXD?

[1] #315 (comment)


gabrik commented Feb 28, 2020

I solved this; it seems that I was using an old certificate that was no longer valid, my bad.

I'm closing this

@gabrik gabrik closed this as completed Feb 28, 2020
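The resolution above was a client certificate that had expired while still being listed in the trust store. The following added example (not code from the issue author or from pylxd) reads a PEM certificate with the standard library only and returns its SHA-256 fingerprint, which is the value shown in the `fingerprint` column of the trust store, together with its validity window. The names `cert_status`, `SAMPLE_DER` and `SAMPLE_PEM` are hypothetical, and the sample is a constructed DER skeleton holding only the fields the parser reads, not a real signed certificate.

```python
import base64, hashlib
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def _time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:                         # UTCTime: 2-digit year, RFC 5280 pivot
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_status(pem, now=None):
    """Return (sha256_fingerprint, not_before, not_after, valid_now)."""
    b64 = "".join(l for l in pem.strip().splitlines() if "-----" not in l)
    der = base64.b64decode(b64)
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version (absent in v1)
        pos = end
    for _ in range(3):                      # skip serial, signature alg, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)              # validity SEQUENCE
    tag, s, e = _tlv(der, pos)
    not_before = _time(tag, der[s:e])
    tag, s, e = _tlv(der, e)
    not_after = _time(tag, der[s:e])
    now = now or datetime.now(timezone.utc)
    return hashlib.sha256(der).hexdigest(), not_before, not_after, not_before <= now <= not_after

# Constructed sample: minimal DER skeleton valid 2019-01-01 .. 2020-01-01 (UTC).
def _enc(tag, body):
    return bytes([tag, len(body)]) + body   # short-form length only (< 128 bytes)

_validity = _enc(0x30, _enc(0x17, b"190101000000Z") + _enc(0x17, b"200101000000Z"))
_tbs = _enc(0x30, _enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01")
            + _enc(0x30, b"") + _enc(0x30, b"") + _validity)
SAMPLE_DER = _enc(0x30, _tbs)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
```

Running `cert_status` on the contents of the client `.crt` file before calling `authenticate` shows whether the certificate is still inside its validity window, and the returned fingerprint can be compared with the row in the trust store.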