Artifactory Jfrog CLI无法验证

时间:2019-06-25 18:51:20

标签: ssl go artifactory

在出现此错误时,尝试使用jfrog cli与人工服务器集成

jfrog rt config example-company --url=$ARTIFACTORY_URL --user=$ARTIFACTORY_USER --password=$ARTIFACTORY_PASS
[Info] Encrypting password...
[Error] Get https://artifactory.example.com/api/security/encryptedPassword: x509: certificate signed by unknown authority

在浏览器中导航到https://artifactory.example.com/api/security/encryptedPassword表示TLS证书有效,但是我得到了另一个错误:

{
  "errors": [
    {
      "status": 404,
      "message": "User not found: bill.gates"
    }
  ]
}

ping命令还会返回TLS错误

jfrog rt ping --url=https://artifactory.example.com
[Error] Get https://artifactory.example.com/artifactory/api/system/ping: x509: certificate signed by unknown authority

jfrog cli用golang编写。运行版本:

go version
go version go1.12.5 darwin/amd64

看着jfrog github问题,其他人也报告了类似问题

https://github.com/jfrog/jfrog-cli/issues/277

如何获取jfrog cli以连接到工件服务器?

1 个答案:

答案 0 :(得分:1)

错误是由配置错误的apache虚拟主机引起的。由于证书链捆绑在证书中,因此不需要SSLCertificateChainFile。 Web浏览器可以毫无问题地处理这种配置错误,但是golang对该链的要求更高。

配置错误

  SSLCertificateFile      "/etc/ssl/certs/artifactory.example.com.crt.pem"
  SSLCertificateKeyFile   "/etc/ssl/private/artifactory.example.com.key.pem"
  SSLCertificateChainFile "/etc/ssl/certs/STAR.bad.example.com.pem"

工作配置

  SSLCertificateFile      "/etc/ssl/certs/artifactory.example.com.crt.pem"
  SSLCertificateKeyFile   "/etc/ssl/private/artifactory.example.com.key.pem"