Oups not 1.3 but 2.3 Le 04/04/2012 16:19, Dominig ar Foll (Intel OTC) a écrit :
Hello,
having just updated to OBS 2.3, my API is now running under https (not a bad idea). I have created a PRIVATE certificate following the README. ---------------
mkdir /srv/obs/certs openssl genrsa -out /srv/obs/certs/server.key 1024 openssl req -new -key /srv/obs/certs/server.key \ -out /srv/obs/certs/server.csr openssl x509 -req -days 365 -in /srv/obs/certs/server.csr \ -signkey /srv/obs/certs/server.key -out /srv/obs/certs/server.crt cat /srv/obs/certs/server.key /srv/obs/certs/server.crt \ > /srv/obs/certs/server.pem
---------------------- I see that with osc (version 0.134.1)
if the privately signed certificate is create with a Common Name (CN) which is not the server name, osc refuses to chat with the API. That is bit strick as :
- CN name is normally free of use - In that mode access via IP address is not possible any more - auto recovery system with shadow server configuration cannot be done.
That is very strange as it seems that when the certificate with an official root, the common name is not critical.
Any clue how to overcome that issue ?
Regards
-- Dominig
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org