We're updating the issue view to help you get more done. 

Invalid certificate error with any CFY CLI command

Description

If cloudify manager is installed with CA signed external certificate CFY CLI can not operate with cloudify manager

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Listing all profiles... Profiles: +-----------------+----------------+------------------+----------------+----------+----------------+----------+-----------+---------------+--------------------------------------------------------------+-----------------+ | name | manager_ip | manager_username | manager_tenant | ssh_user | ssh_key_path | ssh_port | rest_port | rest_protocol | rest_certificate | bootstrap_state | +-----------------+----------------+------------------+----------------+----------+----------------+----------+-----------+---------------+--------------------------------------------------------------+-----------------+ | 172.16.167.101 | 172.16.167.101 | admin | default_tenant | root | ~/.ssh/key.pem | 22 | 443 | https | /root/.cloudify/profiles/172.16.167.101/public_rest_cert.crt | Complete | | 172.16.167.102 | 172.16.167.102 | admin | default_tenant | root | ~/.ssh/key.pem | 22 | 443 | https | /root/.cloudify/profiles/172.16.167.102/public_rest_cert.crt | Complete | | *172.16.167.103 | 172.16.167.103 | admin | default_tenant | root | ~/.ssh/key.pem | 22 | 443 | https | /root/.cloudify/profiles/172.16.167.103/public_rest_cert.crt | Complete | +-----------------+----------------+------------------+----------------+----------+----------------+----------+-----------+---------------+--------------------------------------------------------------+-----------------+ [root@cli-p6c9iz ~]# cfy status Retrieving manager services status... [ip=172.16.167.103] Invalid certificate error: The local copy of the rest public certificate does not match the certificate on the manager. This could either mean you are using the wrong certificate file, or that you are not communicating with the correct Cloudify Manager. [root@cli-p6c9iz ~]# cfy blueprints list Listing all blueprints... Invalid certificate error: The local copy of the rest public certificate does not match the certificate on the manager. This could either mean you are using the wrong certificate file, or that you are not communicating with the correct Cloudify Manager.

If set SHELL variable with CA certificate path

1 export LOCAL_REST_CERT_FILE=/etc/pki/tls/cert.pem

Other behavior appears:

1 2 3 4 [root@cli-p6c9iz ~]# export LOCAL_REST_CERT_FILE=/etc/pki/tls/cert.pem [root@cli-p6c9iz ~]# cfy blueprints list Rest Certificate is set in profile *and* in the `LOCAL_REST_CERT_FILE` env variable. Resolve the conflict before continuing. Either unset the env variable, or run `cfy profiles unset --rest_certificate`

Status

Assignee

Omer Duskin

Reporter

Vladimir Antonovich

Labels

Severity

None

Bug Type

None

Target Version

None

Severity

None

Epic Link

Fix versions

Affects versions

4.2