You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Generating certificates signed with a custom CA certificate result in invalid certificates.
I started working with a CA Cert with a key length of 4096 bytes and a password protected key.
I tried to reduce the causes for an error till I came to the following minimal setup.
Generating and signing the certificate using openssl manually on the cli works without any problems.
Any help is appreciated!
Generate a certificate you later use as trusted CA on your server: openssl req -x509 -nodes -newkey rsa:2048 -keyout test-ca-key.ley -out test-ca-cert.crt -days 365 (in /data/certs/)
Try to generate a signed certificate in your cookbook
openssl_x509_certificate '/data/certs/test-cert.crt' do
common_name 'Test Cert'
ca_key_file '/data/certs/test-ca.key'
ca_cert_file '/data/certs/test-ca.crt'
expire 365
end
Verify your certificate openssl verify -CAfile test-ca.crt test-cert.crt this will result in the following error output:
Description
Generating certificates signed with a custom CA certificate result in invalid certificates.
I started working with a CA Cert with a key length of 4096 bytes and a password protected key.
I tried to reduce the causes for an error till I came to the following minimal setup.
Generating and signing the certificate using openssl manually on the cli works without any problems.
Any help is appreciated!
Chef Version
Chef Infra Client, version 17.5.22
Platform Version
Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-156-generic x86_64)
Replication Case
openssl req -x509 -nodes -newkey rsa:2048 -keyout test-ca-key.ley -out test-ca-cert.crt -days 365
(in /data/certs/)openssl verify -CAfile test-ca.crt test-cert.crt
this will result in the following error output:if you change the key length you might also get this error:
Client Output
The text was updated successfully, but these errors were encountered: