New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SCM HTTPS, unknown CA #1469
Comments
Update, I also get the following errors: Using
Using
Sidenote, running the
Looking at the SCM page (where you can configure Import/Export settings), I can now see that it has indeed been configured - just not enabled. Enabling it will render the previous error (with the fingerprint three times), and then saying it couldn't be enabled due to errors:
|
the SSL trust chain would be the one used by java. |
workaround for |
For future readers. I added the keys to
|
@LordMike I added a toggle to disable "strict" key checking, however it would probably be nice to allow strict mode without doing those manual steps. How could we improve that? A GUI configuration to paste the output of |
Added benefit of storing host keys (and SSL/TLS thumbprints) in the configuration is that in a distributed or recovered environment, a second host can quickly take over executions, and won't rely on local (cryptic and undocumented) configuration. |
thanks. making the config properties fancier (dynamic) may be slightly out of scope right now, definitely a future enhancement. I think adding a textbox is a good idea. the git plugin could run Good point about storing the host keys for secondary environment... one caveat: right now the SCM plugin config is scoped only to the unique UUID of current rundeck server node (if using clusterMode), so that multiple nodes don't all attempt to synch/import/export jobs to the same repo. There needs to be a way to migrate the config from one server UUID to another for failover. I appreciate all of the feedback! |
Hi,
When trying to set up Git-SCM from #1465, I get the following error with HTTPS (was unable to do SSH for some reason):
So, basically my site uses a CACert.org certificate, which is probably what it's complaining about. This will however affect any site/organization using an internal CA or other untrusted CA.
How can I add the CA certificate to my trust chain?
Is it git's trust chain or Java's trust chain? (tool is git, exception is Java)
The text was updated successfully, but these errors were encountered: