-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Facing errror while initialising ca schema #299
Comments
With new configuration shared in description, it fails with err: |
This is an issue related to the mariadb database. The different behaviors may be caused by different versions of mariadb-jdbc-client. This link helps you understanding the cause: https://blog.packagecloud.io/solve-unable-to-find-valid-certification-path-to-requested-target/ |
Any update? |
I am currently trying to install xipki 6.5.0 snapshot version with non-tls mode. Let me try with TLS once this is successful |
Close this issue since it is mysql problem. |
mysql backend is enabled with TLS:1.3
Facing below errror while initialising ca schema:
karaf@root()> ca:sql --db-conf /opt/tomcat/xipki/etc/ca/database/ca-db.properties /home/causer/xipki-mgmt-cli-6.3.0/xipki/sql/ca-init.sql
[ WARN] (pipe-ca:sql --db-conf /opt/tomcat/xipki/etc/ca/database/ca-db.properties /home/causer/xipki-mgmt-cli-6.3.0/xipki/sql/ca-init.sql) useSsl option is deprecated, replaced by option sslMode
[ WARN] (pipe-ca:sql --db-conf /opt/tomcat/xipki/etc/ca/database/ca-db.properties /home/causer/xipki-mgmt-cli-6.3.0/xipki/sql/ca-init.sql) disableSslHostnameVerification option is deprecated, replaced by setting option sslMode=verify-ca
[ WARN] (pipe-ca:sql --db-conf /opt/tomcat/xipki/etc/ca/database/ca-db.properties /home/causer/xipki-mgmt-cli-6.3.0/xipki/sql/ca-init.sql) useSsl option is deprecated, replaced by option sslMode
[ WARN] (pipe-ca:sql --db-conf /opt/tomcat/xipki/etc/ca/database/ca-db.properties /home/causer/xipki-mgmt-cli-6.3.0/xipki/sql/ca-init.sql) disableSslHostnameVerification option is deprecated, replaced by setting option sslMode=verify-ca
In ca-db.properties, I have configured the datasource URL with tls options.
dataSource.url = jdbc:mariadb://zts-cmdb:3306/ca?user=ca&password=azUA5XIutZCscO1w&useSSL=true&trustStore=/home/causer/keystore&trustStorePassword=RWxPZ1B0Rm5iaVBDV3dGdw==&keyStore=/home/causer/keystore&keyStorePassword=RWxPZ1B0Rm5iaVBDV3dGdw==&enabledSslProtocolSuites=TLSv1.3&disableSslHostnameVerification=true
This was working with xipki-5.3.0v
Based on error seen, i tried using "sslMode=verify-ca" but doesnt work:
dataSource.url = jdbc:mariadb://zts-cmdb:3308/ca?user=ca&password=azUA5XIutZCscO1w&trustStore=/home/causer/keystore&trustStorePassword=RWxPZ1B0Rm5iaVBDV3dGdw==&keyStore=/home/causer/keystore&keyStorePassword=RWxPZ1B0Rm5iaVBDV3dGdw==&enabledSslProtocolSuites=TLSv1.3&sslMode=verify-ca
Could you pls share a working configuration?
The text was updated successfully, but these errors were encountered: