Problem:
Hi
I tried to build my first pulp3 server.
For that, I use the all-in-one container image, using a custom image to add my root CA certificate:
FROM docker.io/pulp/pulp:latest
COPY cert_wildcard2023-ca.crt /etc/pki/ca-trust/source/anchors/
RUN update-ca-trust
I also added my key/cert in the container
My issue is that with the pulp client, if I enable the verify_ssl option, I got the following error:
pulp status
Error: HTTPSConnectionPool(host='myserver.mydomain', port=8080): Max retries exceeded with url: /pulp/api/v3/status/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))
But if I open
https://myserver.domain:8080/pulp/api/v3/
I can see that my certificate is valid (domain certificate).
A test with curl seems fine too:
curl -vvI https://myserver.mydomain.corp:8080/pulp/api/v3/status/
* Trying 10.0.250.11:8080...
* Connected to myserver.mydomain.corp (10.0.250.11) port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
…
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
…
* subjectAltName: host "myserver.mydomain.corp" matched cert's "*.mydomain.corp"
* SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Unknown (23):
> HEAD /pulp/api/v3/status/ HTTP/1.1
> Host: myserver.mydomain.corp:8080
> User-Agent: curl/7.76.1
> Accept: */*
* TLSv1.2 (IN), TLS header, Unknown (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
Is there an additional step needed for the client?
Expected outcome:
Pulpcore version:
{
"component": "core",
"version": "3.49.1",
"package": "pulpcore",
"module": "pulpcore.app",
"domain_compatible": true
},
pulp --version
pulp3 command line interface, version 0.24.1
Pulp plugins installed and their versions:
Operating system - distribution and version:
Redhat 9 - up-to-date version
Other relevant data:
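Added example, not part of the original post and not Pulp project code: a check of which CA bundle the Python side verifies against, compared with the system bundle that curl reported above. It assumes the client goes through python-requests (the `HTTPSConnectionPool` error comes from that stack); the helper names are hypothetical.

```python
import os
import socket
import ssl
import sys

# Path taken from the curl output in the post (RHEL system trust bundle).
SYSTEM_BUNDLE = "/etc/pki/tls/certs/ca-bundle.crt"

def requests_ca_bundle(env=None):
    """Return (source, path) of the CA bundle python-requests verifies against."""
    env = os.environ if env is None else env
    # requests honours these variables (in this order) before its built-in default.
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        if env.get(var):
            return var, env[var]
    try:
        import certifi  # upstream certifi ships its own bundle, not the system store
    except ImportError:
        return "certifi (not installed)", None
    return "certifi", certifi.where()

def verify_with(host, port, cafile, timeout=5):
    """Do a TLS handshake trusting only `cafile`; return (ok, detail)."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:  # missing bundle file, refused connection, other TLS errors
        return False, str(exc)

def compare(host, port, env=None):
    """Verify the server against the system bundle and the requests bundle."""
    source, path = requests_ca_bundle(env)
    results = {"system": (SYSTEM_BUNDLE,) + verify_with(host, port, SYSTEM_BUNDLE)}
    if path:
        results[source] = (path,) + verify_with(host, port, path)
    return results

if __name__ == "__main__":
    # Hostname and port are the ones from the post; pass your own as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "myserver.mydomain.corp"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
    for name, (path, ok, detail) in compare(host, port).items():
        print(f"{name:20} {path}: {'ok' if ok else 'FAILED'} ({detail})")
```

Run it with the same Python interpreter that runs the `pulp` command, on the machine where the client runs, so that the certifi it imports is the one the client uses.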