Skip to content

Attempt a secure connection to an InCommon SSL site #6

Merged
9 commits merged into from Aug 2, 2016
Merged

Conversation

@ghost
Copy link

ghost commented Jul 13, 2016

Connecting via curl to a website with an InCommon issued cert chain shouldn't fail on recognizing the cert.

This issue has been addressed somewhat in the ansible-playbooks .

Remediation steps are, roughly:

  • Acquire the InCommon.crt file from that repo
  • Add it to the container image in the Dockerfile
  • Issue the update-ca-trust extract command to ensure that cert chain is recognized in the future
@ghost ghost self-assigned this Jul 13, 2016
@ghost
Copy link
Author

ghost commented Jul 29, 2016

Updated with InCommon cert and tests.

Chris Bynum
@test "curl should connect to InCommon cert chain site successfully" {
run docker run -i tier/centos7base curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://github.internet2.edu/

This comment has been minimized.

Copy link
@ghost

ghost Aug 1, 2016

Author

Cool technique on the curl for the status code!

Instead of 'tier/centos7base', you can use the $maintainer/$imagename variables from common.bash (A little nicer when we need to transition for any reason.)

@ghost
Copy link
Author

ghost commented Aug 2, 2016

docker/util installed

@ghost ghost merged commit e4b4887 into master Aug 2, 2016
1 check passed
1 check passed
Jenkins job incommon-chain This commit looks good
Details
@ghost ghost deleted the incommon-chain branch Aug 30, 2016
This issue was closed.
Sign in to join this conversation on GitHub.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

0 participants
You can’t perform that action at this time.