apache - Cannot get a Koji Build system work -
i setup koji build environment in centos6 machine server suggested documentation (http://fedoraproject.org/wiki/koji/serverhowto). access koji web using http. yet facing ssl certificate trouble when switching https:
client browser error produced mozilla firefox:
ssl peer unable negotiate acceptable set of security parameters. (error code: ssl_error_handshake_failure_alert) having enabled 2 admin users, koji secific error when running command:
su kojiman; koji call getloggedinuser
errors under : kojiman:
error: [('ssl routines', 'ssl3_get_server_certificate', 'certificate verify failed')] su kojiadmin; koji call getloggedinuser errors under: kojiadmin
error: [('ssl routines', 'ssl3_read_bytes', 'sslv3 alert bad certificate'), ('ssl routines', 'ssl3_write_bytes', 'ssl handshake failure')] while in httpd ssl log have following:
############################"ssl erros:
[wed feb 05 18:37:28 2014] [error] [client 46.21.193.155] certificate verification: error (19): self signed certificate in certificate chain [wed feb 05 18:44:06 2014] [warn] rsa server certificate commonname (cn) `kojihub' not match server name!? [wed feb 05 18:44:06 2014] [warn] rsa server certificate commonname (cn) `kojihub' not match server name!? when test certificate openssl:
openssl s_client -connect localhost:443 -tls1 -cafile /etc/pki/koji/kojihub.pem
i indeed get:
verify error:num=20:unable local issuer certificate verify error:num=27:certificate not trusted verify error:num=21:unable verify first certificate verify return:1 139736479307592:error:14094410:ssl routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1256:ssl alert number 40 139736479307592:error:1409e0e5:ssl routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:596: verify return code: 21 (unable verify first certificate) any appreciated!
solved. using wrong certificate main builder. changed in kojid.conf
Comments
Post a Comment