jfrog-cli icon indicating copy to clipboard operation
jfrog-cli copied to clipboard

Published 20 hours ago verified publisher icon jfrog

how to configure cli trust store

Open torstenstach opened this issue 7 years ago • 11 comments

>jfrog rt ping --url=https://artprod.issh.de/artifactory [Error] Get https://artprod.issh.de/artifactory/api/system/ping: x509: certificate signed by unknown authority how to configure the jfrog-cli trust store?

  • is there a way to disable the check?
  • where is the trust store?
  • Can i add certificats to the trust store?

torstenstach avatar Nov 20 '18 11:11 torstenstach

@torstenstach, Here's you add your self signed certificates. Disabling the use of SSL certificates is currently not supported, but we're considering add it. Let us know if this helps.

eyalbe4 avatar Nov 20 '18 13:11 eyalbe4

No this does not help. under windows cli is unable to check the whole certificate chain. WORKAROUND: install the sub-ca certificate also as Trusted Root Certificate

Can you fix this?

image

torstenstach avatar Nov 22 '18 11:11 torstenstach

@torstenstach, Are you using the latest JFrog CLI version? (currently the latest version is 1.22.0). I'm asking because you may be affected by https://github.com/golang/go/issues/18609. The latest JFrog CLI release is built with Go 1.11, which should include this fix.

eyalbe4 avatar Nov 22 '18 12:11 eyalbe4

I have the same problem with version 1.22.0

torstenstach avatar Nov 22 '18 12:11 torstenstach

@torstenstach, Actually, we need to wait for this issue to be fixed - https://github.com/golang/go/issues/16736 I'm not sure there's anything we can do before it is fixed by go... We have tried to fix this in the past by adding https://github.com/jfrog/jfrog-client-go/blob/master/artifactory/auth/cert/sslutils_windows.go (runs for Windows only), but there's a chance this code is not perfect. I see no other option but waiting for the above issue to be fixed.

eyalbe4 avatar Nov 22 '18 15:11 eyalbe4

I have the same problem, any news about this ?

moeHaydar avatar Feb 21 '19 15:02 moeHaydar

+1

vdsbenoit avatar Feb 14 '20 11:02 vdsbenoit

About: "is there a way to disable the check?" The option --insecure-tls was added recently: https://github.com/jfrog/jfrog-cli/blob/master/RELEASE.md#1351-mar-18-2020

kenden avatar Apr 16 '20 13:04 kenden

This link from https://github.com/jfrog/jfrog-cli/issues/277#issuecomment-440280090 is now broken and I'm really having a hard time finding the current location of documentation on using JFrog CLI with internal certificate authorities: https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory#CLIforJFrogArtifactory-UsingSelf-signedSSLCertificates

kenyon avatar Aug 03 '23 19:08 kenyon

This link from #277 (comment) is now broken and I'm really having a hard time finding the current location of documentation on using JFrog CLI with internal certificate authorities: https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory#CLIforJFrogArtifactory-UsingSelf-signedSSLCertificates

https://web.archive.org/web/20191007071125/https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory

emveee avatar Sep 07 '23 01:09 emveee

FYI the issue is still existing in jfrog cli 2.52.9 (latest at the time of my comment). The bug https://github.com/golang/go/issues/16736 looks fixed (closed completed in november 2021)

Can somebody take a look at this now? Thanks

larkoie avatar Feb 15 '24 14:02 larkoie

I have version 2.71.0 of the cli.

I have exactly the same problem. To add more info, SSL works with curl -UseBasicParsing "https://artifactory.example.com/artifactory/api/system/ping" but not with jfrog rt ping.

I have installed my root CA certificate in my Docker image using:

  • Import-Certificate -FilePath C:\my_cert.crt -CertStoreLocation Cert:\LocalMachine\Root
  • manual copy to: ~/.jfrog/security. In my case it was: C:\Users\ContainerAdministrator\.jfrog\security

Any other clue?

mathieugouin avatar Oct 16 '24 20:10 mathieugouin