Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error loading CA File: Couldn't parse PEM #2114

Closed
inkblot opened this issue Mar 27, 2018 · 5 comments
Closed

Error loading CA File: Couldn't parse PEM #2114

inkblot opened this issue Mar 27, 2018 · 5 comments

Comments

@inkblot
Copy link

inkblot commented Mar 27, 2018

Bug Report

When I supply the concourse server with the CA certificate for vault, concourse web fails. The CA certificate was generated using vault.

  • Concourse version: concourse/concourse:latest (sha256:c9175c95e95061ab65e108ad9c2ea16e169cbec4743282e47f6e7be903016285)
  • Deployment type (BOSH/Docker/binary): Docker
  • Did this used to work? Not that I've seen

Steps to Reproduce

$ cat certs/movealong-ca.crt
-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgIUC4PKXLsHgZPch3L9jsfAsh1RlsYwDQYJKoZIhvcNAQEL
BQAwFzEVMBMGA1UEAxMMTW92ZWFsb25nIENBMB4XDTE3MTAxOTAyMzEwM1oXDTI3
MTAxNzAyMzEzM1owFzEVMBMGA1UEAxMMTW92ZWFsb25nIENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8coJFRvqIfy1Q70BkuP+9Y10TtcVkFB1APU
L2nFxiJLfw7m8Q/s/cOui0D529a76abku2ERepPO9Zu31LlmduZ3v+FpS+WlYvI/
gKxUk2YeftGF7avuhGkmwWWSNvahnFSxgp54MbSgNbTeXAZ+MVaAGlUOpAN7DuEH
OE3IvidvL0cUa5KGaa9+uIl/r8CgVPjfxhWVqaek+KoYDf+ZeR7jSH1AmMyOhVI2
p+URyO4dvtqVa5U7cvK1htuhqdZGTJuURr6AiHu6fp80qA/p7Lzj9yUgCM+GUJ3D
JAHHqM89eocoDDhzuaa5w8lAf7XUQEB9181aVF4OG9D+0HL93QIDAQABo4IBETCC
AQ0wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOT3
R/p85aucYeBT8WkHzNSdTsuHMF0GCCsGAQUFBwEBBFEwTzBNBggrBgEFBQcwAoZB
aHR0cDovL3ZhdWx0Lm1vdmVhbG9uZy5pbnRlcm5hbDo4MjgwL3YxL21vdmVhbG9u
Zy9tb3ZlYWxvbmctY2EvY2EwFwYDVR0RBBAwDoIMTW92ZWFsb25nIENBMFMGA1Ud
HwRMMEowSKBGoESGQmh0dHA6Ly92YXVsdC5tb3ZlYWxvbmcuaW50ZXJuYWw6ODI4
MC92MS9tb3ZlYWxvbmcvbW92ZWFsb25nLWNhL2NybDANBgkqhkiG9w0BAQsFAAOC
AQEAjvRJrLMx5U7Wm855QHW2zwS2hNbCOBiCLSnQmxK6dmcJGqmgaXTecbJm98Zu
2UnM57FKBPzxDiTnw2CYeA6+wZPP9LvBnsHzGjK+0s2exHKLqNUBfJaCxMjliWU3
a/PCRz/1+6/uqtAKWVYpuIN+f8GzTNB/IqOCPGYRSeBpivtH9Dv2kJPn5IoSpaqF
8eNLMMaSG51R/e/AFU7E2NnlsKLpRdmfMRXcX4hyLGHpvus2EcpmuaWXsDOSakhA
B88orH70eDa+WtRQjlhltiXIY5Mm6KA/fnfJkznK2658jGP9Lpw29lx3GskPemTZ
F0idL6CoRZqyBWBnPqBL48LR8A==
-----END CERTIFICATE-----
$ docker run -it --rm -e CONCOURSE_BASIC_AUTH_USERNAME=who -e CONCOURSE_BASIC_AUTH_PASSWORD=what -e CONCOURSE_EXTERNAL_URL=http://nope.movealong.internal -e CONCOURSE_POSTGRES_USER=who -e CONCOURSE_POSTGRES_HOST=where -e CONCOURSE_POSTGRES_PASSWORD=what -e CONCOURSE_POSTGRES_DATABASE=how -e CONCOURSE_VAULT_URL=https://vault.movealong.org -e CONCOURSE_VAULT_CA_CERT=/certs/movealong-ca.crt -e CONCOURSE_VAULT_CLIENT_TOKEN=nopenopenope -v ${PWD}/certs:/certs --entrypoint /bin/bash concourse/concourse
root@4678855478f3:/# concourse web
Error loading CA File: Couldn't parse PEM in: /certs/movealong-ca.crt
root@4678855478f3:/# openssl x509 -in /certs/movealong-ca.crt -noout -subject
subject= /CN=Movealong CA
@designed4device
Copy link

We are having the same issue... is this broken or are we doing something wrong?

@inkblot
Copy link
Author

inkblot commented Jul 1, 2018

I think it's broken. I haven't had any problems in any other application with this certificate.

@ElfoLiNk
Copy link

ElfoLiNk commented Jul 2, 2018

What version of Concourse are you using? Can be is one that uses go 1.10 with this issue golang/go#23995

@designed4device
Copy link

Found a team at work that has it working. I'm thinking it is an issue with our cert. Haven't had a chance to test that theory, will follow up when I do.

@vito vito added the triage label Jan 9, 2019
@vito vito removed the triage label Dec 9, 2019
@xtremerui
Copy link
Contributor

closing stale issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@vito @inkblot @ElfoLiNk @xtremerui @designed4device