Skip to content

Attempt a secure connection to an InCommon SSL site #6

Merged
9 commits merged into from Aug 2, 2016
Merged

Conversation

ghost
Copy link

@ghost ghost commented Jul 13, 2016

Connecting via curl to a website with an InCommon issued cert chain shouldn't fail on recognizing the cert.

This issue has been addressed somewhat in the ansible-playbooks .

Remediation steps are, roughly:

  • Acquire the InCommon.crt file from that repo
  • Add it to the container image in the Dockerfile
  • Issue the update-ca-trust extract command to ensure that cert chain is recognized in the future

@ghost ghost self-assigned this Jul 13, 2016
@ghost
Copy link
Author

ghost commented Jul 29, 2016

Updated with InCommon cert and tests.

@test "curl should connect to InCommon cert chain site successfully" {
run docker run -i tier/centos7base curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://github.internet2.edu/
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool technique on the curl for the status code!

Instead of 'tier/centos7base', you can use the $maintainer/$imagename variables from common.bash (A little nicer when we need to transition for any reason.)

@ghost
Copy link
Author

ghost commented Aug 2, 2016

docker/util installed

@ghost ghost merged commit e4b4887 into master Aug 2, 2016
1 check passed
@ghost ghost deleted the incommon-chain branch August 30, 2016 15:13
This pull request was closed.
Sign in to join this conversation on GitHub.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

0 participants