This is for the case where an S3 service has a poor certificate - perhaps self-signed, or misconfigured where the common name in the Subject is not also included in the Subject Alternative Name.
Can there be some method to specify that the S3 server's certificate should not be verified for the "bosh upload-blobs"?
A case example
The "bosh upload-blobs" to the S3 URL https://ecslab.example.com fails when the URL is not in the certificate's Subject Common Name and also not in the Subject Alternative Name (SAN). This is an example where there is a Load Balancer in front of six S3 nodes. The Load Balancer terminates the TLS session and opens a backend connection to one of the S3 nodes.
Blob upload 'my/large_blob' failed
Uploading blobs:
Creating blob for path 'my/large_blob:
Creating blob in inner blobstore:
Generating blobstore ID:
upload failure: RequestError: send request failed
caused by: Post https:/bosh-release-blobstore/93abbe20-335d-4ef8-1234-a0a59d87717a?uploads=: x509: certificate is valid for ecslabn1-node-2.travt.net, ecslabn1-node-1.example.com, ecslabn1-node-6.example.com, ecslabn1-node-5.example.com, ecslabn1-node-4.example.com, ecslabn1-node-3.example.com, not ecslab.example.com
Exit code 1
Bypassing the Load Balancer and directly accessing the backend ecslabn1-node-1.example.com fails because the nodes have a certificate where the Subject Common Name is "localhost" and there is no Subject Alternative Name ...
Blob upload 'my/large_blob' failed
Uploading blobs:
Creating blob for path 'my/large_blob':
Creating blob in inner blobstore:
Generating blobstore ID:
upload failure: RequestError: send request failed
caused by: Post https:/bosh-release-blobstore/bc663d16-5507-47e4-1234-cfc01ebad369?uploads=: x509: certificate is valid for localhost, not ecslabn1-node-1.example.com
We're going to close this issue due to inactivity. Again, this isn't exactly a use case we're interested in prioritizing right now, but hopefully you have found a suitable workaround.