Marathon SSL and Basic Access Authentication

[alexisCata]

I'm following this doc:
https://github.com/mesosphere/marathon/blob/master/docs/docs/ssl-basic-access-authentication.md
I have researched on Internet but I can't find nothing related...

In the step 3. Combine the key and certificate files into a PKCS12 format file...

$ openssl pkcs12 -inkey marathon.key
-passin "env:MARATHON_KEY_PASSWORD"
-name marathon
-in trusted.pem
-password "env:MARATHON_PKCS_PASSWORD"
-chain -CAfile "trustedCA.crt"
-export -out marathon.pkcs12

Where "trustedCA.crt" come from? There is no clear info in the docs
Is a cert of my server?
I have created a cert in my server and added but when I executed the command and get the error:

Error self signed certificate getting chain.

Any help will be appreciated

[janisz]

I generate self signed certs as follow without chain.

mkdir -p /etc/marathon/ssl
cd /etc/marathon/ssl
export MARATHON_SSL_KEYSTORE_PASSWORD=jks_pass
keytool -keystore marathon.jks -deststorepass $MARATHON_SSL_KEYSTORE_PASSWORD -alias marathon -genkey -keyalg RSA
cat << EOF > /etc/default/marathon
MARATHON_SSL_KEYSTORE_PATH=/etc/marathon/ssl/marathon.jks
MARATHON_SSL_KEYSTORE_PASSWORD=$MARATHON_SSL_KEYSTORE_PASSWORD
EOF

[unterstein]

Thanks @janisz for the answer.
I`ll interpret in your thumbs up, that this solves your issue? I would like to use your ticket as marker that we should improve the documentation on this topic.

[alexisCata]

Sorry for the delay answering. Just tries but is not working, can start marathon in that way 2016-12-16 11:32 GMT+01:00 Johannes Unterstein <notifications@github.com>:

…

Thanks @janisz <https://github.com/janisz> for the answer. I`ll interpret in your thumbs up, that this solves your issue? I would like to use your ticket as marker that we should improve the documentation on this topic. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4783 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AGbE1wYDhXJqjMMr5k-fTrPnst8yV684ks5rImizgaJpZM4LFgYO> .

[alexisCata]

Sorry, my bad. Its working! :D 2016-12-20 16:41 GMT+01:00 Ale Xis <alexisfloresortega@gmail.com>:

…

Sorry for the delay answering. Just tries but is not working, can start marathon in that way 2016-12-16 11:32 GMT+01:00 Johannes Unterstein ***@***.***>: > Thanks @janisz <https://github.com/janisz> for the answer. > I`ll interpret in your thumbs up, that this solves your issue? I would > like to use your ticket as marker that we should improve the documentation > on this topic. > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <#4783 (comment)>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AGbE1wYDhXJqjMMr5k-fTrPnst8yV684ks5rImizgaJpZM4LFgYO> > . >

[meichstedt]

Note: This issue has been migrated to https://jira.mesosphere.com/browse/MARATHON-1916. For more information see https://groups.google.com/forum/#!topic/marathon-framework/khtvf-ifnp8.

[meichstedt]

Note: This issue has been migrated to https://jira.mesosphere.com/browse/MARATHON-1916. For more information see https://groups.google.com/forum/#!topic/marathon-framework/khtvf-ifnp8.