Server Fault Asked by Chandima Jayawickrema on January 9, 2021
My CentOS 7 server, which is in an AWS private cloud (company network), is unable to connect to some sites. After some work I managed to narrow the problem down to the following.
curl -v https://git.company.com
which returns,
About to connect() to git.company.com port 443 (#0)
Trying 10.62.124.6...
Connected to git.company.com (10.62.124.6) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
curl -v https://alm.company.com
which returns
About to connect() to alm.company.com port 443 (#0)
Trying 10.64.167.137...
Connected to alm.company.com (10.64.167.137) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
...
...
...
Accept: */*
These are both internal sites trusted by the same public CA.
How can I debug this further?
I ran into some solutions where they ask to install the company's certificate onto the server (though I'm wondering why one site works but the other one doesn't), but I'm not sure how to install this certificate correctly.
Can someone help please?
Thanks for the help.
You can use curl -k ... to make it ignore certificate irregularities.
Or you can use curl --cacert <CA certificate> to supply your company CA cert.
Or you can add your company CA cert to /etc/pki/tls/certs/ and run make there to make it available system-wide.
Ah, and to retrieve the company root CA use this: openssl s_client -connect git.company.com:443 -showcerts (that will dump all the certificates in the chain).
Answered by potom on January 9, 2021
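To compare what two hosts actually send, the -showcerts output mentioned in the answer can be reduced to the single issuer that the local CA bundle has to supply. This is an added example, not part of the original question or answer; the function names and every certificate name in the samples are constructed, and a server that sends an incomplete chain is only one possible reason for two sites behaving differently.

```shell
#!/usr/bin/env bash
# Added example. All certificate names below are constructed sample data.
# Live use: openssl s_client -connect git.company.com:443 -showcerts </dev/null 2>/dev/null | chain_needs

# Emit "depth<TAB>subject<TAB>issuer" per certificate in s_client -showcerts output (stdin).
chain_links() {
  awk '
    /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subj = $0; next }
    /^ +i:/        { sub(/^ +i:/, ""); printf "%s\t%s\t%s\n", depth, subj, $0 }'
}

# Report the issuer the local CA bundle has to supply: the issuer of the last
# certificate the server sent. Also flags a gap between consecutive certificates.
chain_needs() {
  chain_links | awk -F'\t' '
    NR > 1 && $2 != issuer { print "BROKEN: cert " $1 " is not the issuer named by cert " depth }
    { depth = $1; subj = $2; issuer = $3 }
    END {
      if (NR == 0)              print "NO-CERTS"
      else if (issuer == subj)  print "ROOT-SENT: " subj
      else                      print "NEEDS: " issuer
    }'
}

# Constructed sample: server sends its leaf plus the intermediate.
sample_full() {
cat <<'EOF'
Certificate chain
 0 s:/C=US/O=Company/CN=a.example.test
   i:/C=US/O=Example Trust/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
(constructed sample, body omitted)
-----END CERTIFICATE-----
 1 s:/C=US/O=Example Trust/CN=Example Issuing CA
   i:/C=US/O=Example Trust/CN=Example Root CA
EOF
}

# Constructed sample: server sends only its leaf certificate.
sample_leaf_only() {
cat <<'EOF'
Certificate chain
 0 s:/C=US/O=Company/CN=b.example.test
   i:/C=US/O=Example Trust/CN=Example Issuing CA
EOF
}

echo "full chain: $(sample_full | chain_needs)"
echo "leaf only:  $(sample_leaf_only | chain_needs)"
```

If the two hosts report different NEEDS lines, the name reported for the failing host is the certificate to look for in /etc/pki/tls/certs/ca-bundle.crt.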