stackoom
  简体   繁体   中英

Artifactory jfrog cli: x509: certificate signed by unknown authority

 原文  2020-12-18 09:38:31       ssl/ artifactory/ jfrog-cli

Question

Environment: Windows Server 2019

Attempting to use the jfrog cli to integrate with an Artifactory server, when I get this error

jfrog rt config example-company --url=$ARTIFACTORY_URL --user=$ARTIFACTORY_USER --password=$ARTIFACTORY_PASS
[Info] Encrypting password...
[Error] Get https://artifactory.example.com/api/security/encryptedPassword: x509: certificate signed by unknown authority

Navigating to https://artifactory.example.com/api/security/encryptedPassword in a browser shows that the TLS certificate is valid, however I get a different error:

{
  "errors" : [ {
    "status" : 404,
    "message" : "User not found: anonymous"
  } ]
}

ping commands also return TLS errors 

jfrog rt ping --url=https://artifactory.example.com
[Error] Get https://artifactory.example.com/artifactory/api/system/ping: x509: certificate signed by unknown authority

Looking at the jfrog github issues, others have reported similar issues

https://github.com/jfrog/jfrog-cli/issues/277

I found a similar Stack Overflow question: Artifactory jfrog cli unable to authenticate but it does not describe the procedure to debug and how the solution was found so I do not know if it applies to my situation.

We are not using self-signed certificates. According to the Certificate Viewer in Google Chrome, the cert comes from Sectigo RSA Domain Validation Secure Server CA.

How can I get the jfrog cli to connect to the Artifactory server?

2 answers

solution1
 1  2020-12-24 10:34:42

The issue and the fix is the same as what's described on https://writeabout.net/2020/03/25/x509-certificate-signed-by-unknown-authority/

The issue is, that Windows Server 2019 has less Root CAs installed then Windows 10 or Linux and it can be fixed by installing the Root CA certificates on the Windows Server 2019. In your case the Root CA certificate of Sectigo.

solution2
 -1  2020-12-18 11:48:27

I assume that you are using the Artifactory with self-signed certificates. You should add these certs in the JFrog CLI, kindly refer to this JFrog wiki for more insights. Place the certificates inside the security/certs directory, which is under JFrog CLI's home directory

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question x509 certificate signed by unknown authority minikube - x509: certificate signed by unknown authority Golang HTTP x509: certificate signed by unknown authority error x509: certificate signed by unknown authority metrics-server gitlab runner - x509: certificate signed by unknown authority AWS Aurora PostgreSQL - x509: certificate signed by unknown authority Docker login x509: certificate signed by unknown authority helm: x509: certificate signed by unknown authority Confusion between signed certificate and error:- x509: certificate signed by unknown authority Terraform self signed certificate results in "Dial x509: certificate signed by unknown authority" for redli
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM