Object Storage

"certificate has unknown CA"

jbwexler
2,587 Views

Hi All,

I'm trying to connect to https://s3.ki.se, which uses StorageGRID, in order to create a special remote with git annex. I can't get past the following error. I also posted about this on the git annex forum and they suggested installing self-signed certificates, though I didn't have much look with that. Perhaps I didn't install correctly. Any advice? https://git-annex.branchable.com/forum/Disable_ssl_verification__63__/?updated#comment-5fa20d6d449626a83113d9060e45f038

 

jbwexler$ git annex initremote snd-2020-51-in-progress type=S3 encryption=none public=yes host=s3.ki.se bucket=snd-2020-51-in-progress protocol=https requeststyle=path

initremote snd-2020-51-in-progress (checking bucket...) (creating bucket in US...)
git-annex: HttpExceptionRequest Request {
host = "s3.ki.se"
port = 443
secure = True
requestHeaders = [("Date","Mon, 19 Apr 2021 18:46:54 GMT"),("Authorization","<REDACTED>"),("x-amz-acl","public-read")]
path = "/snd-2020-51-in-progress/"
queryString = ""
method = "PUT"
proxy = Nothing
rawBody = False
redirectCount = 10
responseTimeout = ResponseTimeoutDefault
requestVersion = HTTP/1.1
proxySecureMode = ProxySecureWithConnect
}
(InternalException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))))
failed
git-annex: initremote: 1 failed

 

1 ACCEPTED SOLUTION

ahmadm
2,532 Views

If you have an internal or external CA that you want to create and sign a certificate with, there is a detailed process here: https://github.com/NetApp-StorageGRID/SSL-Certificate-Configuration

 

This process walks you through creating the certificate request (CSR) and signing the certificate with an internal Microsoft CA.

 

Hope this helps.

View solution in original post

1 REPLY 1

ahmadm
2,533 Views

If you have an internal or external CA that you want to create and sign a certificate with, there is a detailed process here: https://github.com/NetApp-StorageGRID/SSL-Certificate-Configuration

 

This process walks you through creating the certificate request (CSR) and signing the certificate with an internal Microsoft CA.

 

Hope this helps.

Public